
[Xen-users] aoe security


I know a few Xen users are relying on AoE as the protocol of choice to connect to file servers; it is elegant and lightweight.

I've built a mini lab using 2 RAID 10 file servers with DRBD/HA, LVM and vblade mini servers for making domU available to Xen servers (dom0). It works like a charm and I wish I could deploy it, but there is one single issue which makes me quite uncomfortable using it as is: AoE security.

I've read this document: http://www.security-assessment.com/files/whitepapers/Insecurities_in_AoE.pdf

I know we can limit access somewhat by specifying the MAC address, and I was wondering if anyone has done some testing in terms of security.

Here is a paste of the conclusion from the above link. I wonder if anyone would like to share some thoughts or their conclusions on that topic:

Coraid’s hardware AoE product, EtherDrive supports MAC filtering. If MAC filtering is also enabled correctly on the switch infrastructure this provides a certain level of security. In this case however, it is possible that various attacks on the switch (such as cam table flooding), could be possible to bypass this security feature. These attacks however, are outside of the scope of this whitepaper. If MAC filtering is not enabled on the switch layer, then client MAC theft is possible. This is an active and invasive attack which will result in lack of client service. After successfully performing this attack, it is subsequently possible to utilize the “Malicious Server” technique described earlier as the client will have to reconnect to the server.

The EtherDrive disk restriction mechanism via “configuration string” described earlier can be easily bypassed with packet forgery. The packet containing the configuration string can be sniffed and replayed, or once the configuration string is captured, it can be embedded in a forged packet. It may also be possible to either guess or brute-force the “configuration string” used for authentication in order to gain unauthorized access to the disk. Securing the AoE infrastructure to ensure separation between clients in different security domains will alleviate the problems described herein. If both the server and the switch support 802.1q VLAN trunking then the following process will provide an AoE infrastructure which is resistant to the attacks described in this whitepaper:

Configure an AoE server with multiple physical interfaces and export one logical array per interface per client. Configure VLAN trunking on both the server and the switch. Each AoE connected client will be in a separate VLAN.

While these steps may provide adequate protection for the data on your SAN, management overhead is increased and the inherent insecurity of the AoE protocol remains. The security lies with the infrastructure which itself needs to be configured correctly in order to be properly resistant to attack.

11 A patch to provide MAC filtering for the linux userland server was published on the AoE mailing list by Fran Firman. http://aoetools.sourceforge.net


Virtual Space International Inc. Steven Dugway USA 206-734-HOST Canada 514-939-HOST (4678) ext 5
Skype:stevenvsi; savetimehosting.net 911hosting.net goodprivacy.net
Spam is not allowed: AUP http://www.virtualspaceintl.net/acceptable_use.html
Internet Is Here To Stay, Make Sure Your Business Is!
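
Added example, not part of the original post or the whitepaper: a small audit of vblade export definitions against the isolation model quoted above (a MAC allow list on every export via vblade's `-m` option, one VLAN per client). The sample lines, device paths and MAC addresses are constructed, and the `<dev>.<vid>` VLAN interface naming is an assumption.

```python
import shlex
from collections import defaultdict

# Constructed sample: vblade invocations as they might appear in an init script.
SAMPLE = """\
vblade -m 00:16:3e:00:00:01 0 1 eth1.101 /dev/vg0/domu-a
vblade -m 00:16:3e:00:00:02 0 2 eth1.102 /dev/vg0/domu-b
vblade 0 3 eth1 /dev/vg0/domu-c
vblade -m 00:16:3e:00:00:04 0 4 eth1.101 /dev/vg0/domu-d
"""

def parse_export(line):
    """Parse 'vblade [-m mac[,mac...]] shelf slot netif filename' (only -m is handled)."""
    args = shlex.split(line)[1:]
    macs = frozenset()
    if args and args[0] == "-m":
        macs = frozenset(m.lower() for m in args[1].split(",") if m)
        args = args[2:]
    if len(args) != 4:
        raise ValueError(f"unrecognised vblade line: {line!r}")
    shelf, slot, netif, path = args
    return {"target": f"e{shelf}.{slot}", "netif": netif, "macs": macs, "path": path}

def audit(text):
    """Return sorted (target, finding) pairs for exports that break the isolation model."""
    exports = [parse_export(l) for l in text.splitlines() if l.strip()]
    # Distinct allow lists seen per interface; more than one means a shared segment.
    clients_per_if = defaultdict(set)
    for e in exports:
        clients_per_if[e["netif"]].add(e["macs"])
    findings = []
    for e in exports:
        if not e["macs"]:
            findings.append((e["target"], "no MAC allow list"))
        # Assumption: VLAN subinterfaces follow the <dev>.<vid> naming convention.
        _dev, _, vid = e["netif"].partition(".")
        if not vid.isdigit():
            findings.append((e["target"], "not on a VLAN interface"))
        elif len(clients_per_if[e["netif"]]) > 1:
            findings.append((e["target"], f"VLAN {vid} shared between clients"))
    return sorted(findings)

if __name__ == "__main__":
    for target, finding in audit(SAMPLE):
        print(f"{target}: {finding}")
```

A clean result only shows the server-side export layout matches the model; the switch-side VLAN and MAC filtering the whitepaper relies on still has to be checked on the switch itself.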
