If the Network-attached storage (NAS) is not properly secured, the end result can lead to loss of sensitive information (confidential company information, marketing strategies, etc.), correspondence (emails, contacts), or financial details. These are some of the tools available for the hacker to use to exploit and identify security vulnerabilities.
Tools to identify web server vulnerabilities:
- Nessus—Hackers use this vulnerabilities scanning tool to determine potential vulnerabilities of the NAS. This tool lists all of the potential vulnerabilities of the NAS. For example, the Apache server patch is not up-to-date, the server uses weak SSL ciphers, etc.
- Nikto—This web vulnerabilities scanner lists all potential security holes. For example, “OpenSSL/0.9.8e appears to be outdated (current version should be at least 0.9.8g),” etc.
- Metasploit Framework—An advanced open-source vulnerability exploitation platform for developing, testing, and using exploit code.
Tools to identify open ports, services, and user accounts:
- Nmap—Hackers use this TCP/UDP ports scanning tool to determine open TCP/UDP ports on the device. For example, if FTP service is running on the NAS, the scan will indicate that TCP port 21 is open.
- Xprobe2, Amap—Hacker uses these OS and application fingerprinting scanners to determine the version in use. Based on this information, they can tailor the attack specific to the OS version or the application version.
- Winfo—Uses null sessions (guest account) to remotely retrieve information about user accounts, workstation/interdomain/server trust accounts, etc.
- Hping2—A network probing utility; like ping on steroids. This tool is particularly useful when trying to do a traceroute, ping, or probe of a host behind a firewall. This often allows you to map out firewall rule sets.
Tools to hack passwords:
- John the Ripper—A powerful, flexible, and fast multi-platform tool for cracking password hash. It’s primary purpose is to detect weak UNIX passwords. It supports several crypt(3) password hash types which are most commonly found on various UNIX flavors, as well as Kerberos AFS and Windows NT/2000/XP hashes.
- THC Hydra—A fast network authentication cracker. It can perform brute force attacks or rapid dictionary attacks against more than 30 protocols, including telnet, FTP, HTTP, HTTPS, SMB, etc.
A typical network hack includes several of these used in combination. For instance, a hacker runs a network scanning tool such as nmap to determine the open TCP/UDP ports. After the open TCP or UDP ports are identified, the hacker then runs the THC Hydra tool, using a list of known passwords or dictionary attacks method to determine the password. A more sophisticated hacker can utilize a tool such as “winfo” that can quickly scan the list of user accounts on the system based on guest access. After determining the open ports and a list of user accounts, the hacker then customizes the attacks based on this information (i.e. brute force attacks or dictionary attacks to determine the passwords).
It is almost impossible to prevent all of the possible attacks and make the system usable. However, by employing some of the security considerations outlined in Security Best Practices and Considerations, these vulnerabilities are minimized.
Excerpted from the Cisco Systems white paper “Security Considerations for Cisco Smart Storage“.