2 Intern
•
128 Posts
0
1273
December 20th, 2006 09:00
Potential Symmetrix Security Vulnerability/Auditing Issues
It could be assumed that most of the Syms out there in the field have some sort of remote dial-in/support capability.
When EMC remotely dials into a box to do support, there is no auditing reporting available that tells the customer who dialed in, when they were connected and what was done on the machine. There should be a method or SYMCLI command that can pull this info and be able to report on it. This should be something that can be printed out by a customer and handed to a security auditor. Since there is not even basic login/logout accounting available to the customer, it's impossible to determine if someone is attempting to remotely hack into the machine. What if a disgruntled EMC tech decides to mess with an array or steal data? (Although that's very very unlikely, the potential is still there.)
Some EMCers in other threads (i.e. mlee) have suggested physically limiting access to the machines, but still there is no access auditing available. Limiting access is not really an acceptable solution because it limits the ability of EMC to support the arrays.


Farhan-WyGkB
1 Rookie
•
21 Posts
0
December 22nd, 2006 03:00
sysmgr1
2 Intern
•
128 Posts
0
December 22nd, 2006 07:00
This is not an option because it restricts the Sym's ability to dial home. The goal is not to restrict the functionality or the ability of EMC to perform support on their products in any way. The goal is simply to report who, what, where and when. Who from EMC dialed in? What did they do? Where did they dial in or which array did they access? Finally, when did they access the machine? Dial homes should be reported too, so that if there is a recurring hardware issue, it could be addressed.
If EMC has nothing to hide, then they should easily be able to do this.
Farhan-WyGkB
1 Rookie
•
21 Posts
0
December 22nd, 2006 08:00
With regard to a record of dial homes: the Symm will dial home for errors that we'll never understand, as it's quite a complex beast, so having visibility of these types of dial homes isn't relevant (as it's not in our remit as end users) or may even be seen as overkill by some people.
Lee_Neel
3 Posts
0
December 23rd, 2006 20:00
You should all really check out the Secure Remote Support Gateway. Get rid of the modems and know who is doing what.
Lee
sysmgr1
2 Intern
•
128 Posts
0
December 27th, 2006 09:00
sysmgr1
2 Intern
•
128 Posts
0
January 4th, 2007 05:00
sysmgr1
2 Intern
•
128 Posts
0
January 5th, 2007 05:00
What would it take to make these files available? Since the SYMCLI/SYMAPI programs talk directly to the service processor, this seems like it would be easy to do, right?
MrTS2Symm
113 Posts
0
January 8th, 2007 06:00
All Symmetrix machines require a phone line for maintenance capability.
The audit of any and all work with respect to the Symmetrix is recorded on the Service Processor in log files. This information is from inline's commands entered after a person logs in, along with periodic and scheduled checks.
As far as 'hacking' into the Symmetrix, the software for connection is proprietary and password protected. There are also Customers that enable dial in access, but that is added overhead on the Customer.
Hosts are notified of errors via console messages. These are not all events or errors, but ones that are deemed noteworthy and can be enabled or disabled via Customer request with the local EMC personnel.
sysmgr1
2 Intern
•
128 Posts
0
January 8th, 2007 06:00
The issue concerns simple reporting of who, what, where and when. Certainly this information could be supplied from the sym somehow. The symcli commands get practically everything else. It seems silly to have to install an external security system to get this basic info. ESRS is wasteful overkill.
sysmgr1
2 Intern
•
128 Posts
0
January 9th, 2007 10:00
Why is the audit of all work done on the Symmetrix by EMC kept from the customers' view?
MrTS2Symm
113 Posts
0
January 9th, 2007 12:00
Maintenance work performed on any Symmetrix is not kept from Customers. Anything that has any potential impact to Customers is first discussed with them for both authorization and monitoring.
From the beginning of EMC Symmetrix time, it has been one of the working benefits of the Symmetrical layout and configuration that non-disruptive and transparent maintenance can be performed with minimal Customer engagement. Customers have their own business to attend to and focus on.
The logs within the Service Processor, being in a proprietary format, are intelligible to trained EMC personnel.
For Customers working with real-time and statistical information needs, there are packages such as EMC Control Center that have the capability of managing Data Centers of all sizes.
I hope that this answers your question.
JasonBailey
147 Posts
0
January 10th, 2007 17:00
what, where and when. Certainly this information
could be supplied from the sym somehow. The symcli
commands get practically everything else.
This is an enhancement request.
To submit an enhancement request, log in to Powerlink and navigate to Support > About EMC Customer Service > Contact EMC Customer Service, then select "Software Product Enhancement Request" from the selection list. Fill out and submit your enhancement request and it will be routed to the proper development organization for consideration.
This is not meant to disregard your points; it's simply the best way to get what you are saying in front of the right people for a formal review.
Let us know how you go.
sysmgr1
2 Intern
•
128 Posts
0
January 11th, 2007 04:00
I will do that. We'll see how it goes.