
Five must-have data storage security tools for smaller businesses

In the past, we have discussed the five must-have data storage security testing tools for the general storage administrator. And these tools are still relevant and should be considered by any network or storage administrator.


However, these data storage tools are mostly geared toward larger enterprises. So what tools should you consider if you are a smaller business? This tip will explore five data storage security tools that are easier to work with and geared specifically towards SMBs.

Common data storage security problems

When seeking out storage-related vulnerabilities there are three main areas to focus on:

  1. Live storage hosts on your network
  2. The services, applications and shares on your storage systems
  3. Specific vulnerabilities that can be directly exploited or facilitate exploitation and ultimately lead to a security breach

The variables and possibilities for all three are endless, but if you focus on what counts, you can really simplify things. There are four big storage-related vulnerabilities that I usually come across:

  1. Unknown or forgotten systems that have fallen outside the typical patch management and system administration
  2. Unpatched software at the operating system and application levels
  3. Weak passwords and access control in Web management interfaces
  4. Unprotected file shares that provide unfettered access to sensitive files and databases to anyone on the network

LANguard and QualysGuard

To help avoid and solve some of these common data storage security problems, you can use the relatively low-cost vulnerability scanner LANguard, as shown in Figure 1.

Figure 1 -- Security scanning options in LANguard for finding OS/app-related vulnerabilities

LANguard is a great starter tool for finding live hosts, open ports and common vulnerabilities. It also has a share finder tool built into it that you can use to find open shares with weak permissions.

Another helpful tool is QualysGuard, which is the one scanner that comes closest to being a general all-in-one vulnerability scanner. It finds operating system and application vulnerabilities you would never have thought existed.

Pricing for these tools varies based on the license you buy, the number of systems you scan, etc. You can expect to pay anywhere from a few hundred dollars to as much as a couple thousand dollars depending on what you need. Regardless, the investment will be worth every penny. But before you buy any data storage security tools, be sure to test them and see how they can benefit your company.

Acunetix Web Vulnerability Scanner and N-Stalker Web Application Security Scanner

For the Web, a great vulnerability scanner is Acunetix Web Vulnerability Scanner, as shown in Figure 2.

Figure 2 -- Security scanning options in Acunetix for finding Web-related vulnerabilities

Acunetix Web Vulnerability Scanner can find a lot of common Web-related weaknesses in your storage environment including default/blank passwords, login mechanism flaws, and even input validation flaws such as cross-site scripting and SQL injection.

Another tool that seeks out Web vulnerabilities is the N-Stalker Web Application Security Scanner. You simply point the scanner at the Web URL or IP address of the system(s) you wish to test, select the defaults and off it goes. When the scans finish, it produces a roadmap of what needs to be addressed.

Finally, after you've uncovered share and file permission weaknesses using a tool such as LANguard or QualysGuard, you'll want to search for sensitive information that shouldn't be accessible to just anyone on your network. This is arguably one of the greatest information risks your business faces right now. A great tool for seeking out sensitive files is Identity Finder, as shown in Figure 3.

Figure 3 -- Search options in Identity Finder for finding sensitive information

Identity Finder comes as both a standalone product and an enterprise version you can use for searching network drives. Another great low-cost search alternative that you may want to consider is FileLocator Network.

Overall, your SMB will benefit from these data storage security tools, especially when you need to seek out important storage vulnerabilities in your environment.

About this author: Kevin Beaver is an independent information security consultant, speaker, and expert witness with Atlanta-based Principle Logic LLC. He has more than 20 years of experience in the industry and specializes in performing independent information security assessments revolving around compliance and information risk management. Kevin has authored/co-authored seven books on information security including the ethical hacking books "Hacking For Dummies" and "Hacking Wireless Networks For Dummies" (Wiley). He's also the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at www.principlelogic.com.


This was first published in October 2009
