What's the best methodology to use when testing for storage security vulnerabilities?

I normally recommend that you try to exploit your vulnerabilities as long as there is no negative impact on the production environment or on the integrity of your storage. I feel that the exploitation process can add a lot of value and help get the attention of network administrators, developers and even upper management. A screenshot of a remote command prompt on a server or some other host in your storage environment can be a powerful vehicle for change.

Be sure to wrap your testing into a higher level ethical hacking methodology that includes planning things out so that everyone knows what is being tested. Next, perform the testing and analyze the results from your testing tools and manual assessments. Prioritize your findings and make recommendations before reporting the results. Finally, implement your changes to address any issues that you might have discovered.

Listen to the Storage Security FAQ audiocast here.

Go to the beginning of the Storage Security FAQ Guide.

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Tape encryption and security Encryption and off-site tape storage Download Backup Guide Chapter 8: Security (PDF) nCipher grabs NeoScale for $1.9M Iron Mountain loses backup tapes containing student data Purchasing backup software-based encryption Specifications for backup software-based encryption Storage Decisions Session Downloads (Chicago 2007) Backup data security overview How archive and encryption impact backup with Curtis Preston How to destroy data on backup tapes

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary