Disk array poisoning solution


The desk phone rang like mad, and Xiao Hu's mood for a nap was gone. He picked up the phone without losing his temper.

"Hey," said the voice at the other end, anxious. "Not good. Our disk array is infected with a virus!"

"Hello, can you describe it carefully? Is the host connected to the disk array infected with the virus?" Hearing that the caller was a customer, Xiao Hu swallowed the curse in his heart and asked quietly.

"No, no, it's the disk array you sold us last year that is infected with viruses!"

Xiao Hu took a deep breath and thought about how to deal with this idiot. "If the data in the disk array is infected with a virus, you need to run anti-virus on the host, just as you would for a virus on the internal disk."

"No, no, no, it's a virus inside the disk array. The firmware of the disk array controller is infected with viruses!"

Xiao Hu nearly shouted "you're crazy", but barely calmed himself and asked: "How did you determine that the disk array is poisoned?"

The caller seemed to take a breath, and his voice slowed down. "I am the network administrator of this computer room. Today I found a virus spreading on the network. I disconnected the network and cleaned the machines one by one, but I couldn't kill it. Finally, we captured packets on the switch and analyzed them, and found that the IP address of the infection source is actually on your disk array."

"Ah!" All plans to humiliate the other side for his ignorance evaporated in an instant, leaving only solid surprise. In all his years of technical support, this was the first time Xiao Hu had heard that a disk array controller could be infected.

This is a real scene that I encountered a few days ago. In fact, it is not just Xiao Hu: many senior storage engineers, on hearing the claim that a disk array is infected with viruses, would react exactly as he did. Traditionally, the disk array is just an external device in the system, and many users even call it a "large hard disk". Although the device does have a firmware part, it is usually a small embedded system such as VxWorks, or something even smaller, and very few viruses can infect such a system. Naturally, no one had ever seen a disk array infected with a virus. However, in recent years, as disk array functions have grown richer and processing demands have increased, more and more mid- to high-end disk arrays have begun to use full-size operating systems as their firmware platform:

* The NetApp storage controller runs a customized FreeBSD;
* The Engenio disk array (i.e. the IBM DS4000 series) controller uses Intel Celeron chips and runs Linux (the DS4100 and DS4300 still follow the Mylex design, using an XScale CPU and VxWorks);
* The EMC CLARiiON series array controller uses Intel Pentium chips; it once used Windows 2000 as its operating system and has now moved to Windows XP;
* The central processing unit (called the DSP) of Sun's new 6920 disk array is a SPARC server running standard Solaris and Veritas Volume Manager;
* The controller of IBM's enterprise product DS8000 is of RS/6000 architecture, running AIX.

Running a traditional server operating system in the array controller gives viruses and hackers their opening. Needless to say, open systems such as Windows, Linux, Solaris and AIX have become key targets for viruses and hackers because of their large user bases. The author's laptop has an alert system installed that reports sniffer scans and illegal requests. Although this early-warning system cannot detect every attack and scan, the hundreds of events per week it records are enough to show how astonishing the volume of attacks and scans on the Internet is. If only 1‰ of these attacks succeeded, the system would be broken into every two to three months. For most mid- to high-end systems, that level of security is completely unbearable. What is more, for a "naked" system without any protection, the success rate of attacks is far higher than 1‰. I have tried connecting a laptop with only Windows XP installed to the Internet overnight; the next morning the MSN password had been changed and the desktop settings were beyond recognition.

Viruses and attacks against Windows, Linux and the open Unix systems are updated daily, and these systems are themselves protected by frequent patches and third-party security software. That is exactly what makes the situation tricky for the system installed in an array controller. At present, no third-party security vendor provides protection software for array controllers. Users could upgrade the controller firmware frequently, just as they patch hosts frequently, and disk array vendors do in fact advocate this: they tell users that "upgrading to the latest version of firmware ensures that the system is the most reliable", and they release new firmware versions at a rate averaging about once a week. However, upgrading array firmware is a very dangerous operation for an online disk array, and frequent firmware upgrades undoubtedly put data at serious risk. Even if a vendor could guarantee a 100% safe firmware upgrade, most mid- to high-end systems cannot tolerate such frequent outage windows. Shutting down for one to two hours a week adds up to 50 to 100 hours a year! Where is the "four nines" or "five nines" high availability the vendors claim? Perhaps aware of this embarrassment, some responsible vendors have introduced a special feature in newly launched products: online firmware upgrade. The problem seems solved. I have listened many times to engineers from well-known vendors present this feature, saying that it achieves "uninterrupted system maintenance". Is that really the case? Unfortunately, the reality is far from perfect. Open the user manual of any product that supports "online firmware upgrade" and you will find a note like this in its procedure: "Although this product supports online firmware upgrade, all external I/O must be stopped during the upgrade process." What does this mean? The disk array need not be powered down, but host reads and writes must stop. What is the difference between that and system downtime?! The so-called "uninterrupted maintenance" is nothing but a play on words.

Even granting all of that, if a user updates the firmware at the fastest pace the vendor requires, is the disk array then safe? Does patching Windows XP to the latest version protect it from viruses and hackers? The same reasoning applies. Some may doubt this: "I haven't heard of many disk arrays being infected or attacked." The explanation is simple. Think about the environments in which high-end disk arrays are generally used. Which telecom company's central computer room is not protected by layer upon layer of software and hardware firewalls? A bank's central office goes further and simply cuts the physical connection to the Internet. These external factors reduce the chance that a disk array is attacked, but they do not reduce the disk array's vulnerability. It should be noted that the protection the computer-room environment gives the disk array is very limited. Almost all mid- to high-end disk arrays support remote management and maintenance, and vendors or integrators are happy to perform regular inspections through the remote management port. Where possible, vendors and integrators will even urge users to give the disk array a public address and place it where it can be reached from outside. Perhaps most integrators and users have not noticed that this convenience also exposes the disk array's vulnerability to a dangerous public network. Moreover, once viruses or a malicious user get into the computer room, the disk array is immediately in jeopardy, because it has no defenses of its own. That is exactly what Xiao Hu's customer ran into in the story above.

Although disk arrays are prone to infection, once it happens the viruses and malicious code are hard to remove. Because of the special packaging of the controller software, ordinary security software cannot be installed on the array controller. Moreover, the changes vendors make to administrator accounts and other parts of the system also prevent security software from cleaning it. In a word, disk arrays are susceptible to viruses and hard to disinfect.

What about storage devices other than disk arrays? We know that the core software of some Fibre Channel switches and virtual storage devices is also based on Linux. But overall, the security of these devices is much better than that of disk arrays. Part of the reason is that most of these vendors have some background in traditional Ethernet technology, and part is that these systems differ greatly from well-known Linux distributions such as Red Hat and SuSE, so their "compatibility" with viruses and hackers is relatively poor.
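The network administrator in the story located the infection source by capturing packets at the switch and asking which address was spraying connections at the rest of the room. As an added example (not the page author's code), the script below does that triage over constructed tcpdump-style summary lines: it counts, per source, how many distinct hosts received a bare SYN on the classic worm ports (135, 139, 445), and then looks the offending address up in a made-up asset inventory so the responder sees that it belongs to the array's management interface rather than to a server. The capture lines, the inventory subnets and the threshold of four targets are all assumptions for the example.

```python
"""Triage of a SPAN-port capture: which source fans out to many hosts on
SMB/RPC ports, and does that address belong to a storage controller's
management interface?  Added example; all input below is constructed."""
import ipaddress
import re
from collections import defaultdict

# Constructed tcpdump -nn style lines, as dumped from a mirror (SPAN) port.
# Not a real capture: 10.0.5.11 plays the infected array controller.
CAPTURE = """\
10:01:00.000001 IP 10.0.7.21.51234 > 10.0.7.40.445: Flags [S], seq 1, win 64240, length 0
10:01:00.000432 IP 10.0.5.11.1025 > 10.0.7.23.445: Flags [S], seq 2, win 8192, length 0
10:01:00.000511 IP 10.0.5.11.1026 > 10.0.7.24.445: Flags [S], seq 3, win 8192, length 0
10:01:00.000602 IP 10.0.5.11.1027 > 10.0.7.25.139: Flags [S], seq 4, win 8192, length 0
10:01:00.000690 IP 10.0.5.11.1028 > 10.0.7.26.135: Flags [S], seq 5, win 8192, length 0
10:01:00.000777 IP 10.0.5.11.1029 > 10.0.7.27.445: Flags [S], seq 6, win 8192, length 0
10:01:00.001002 IP 10.0.7.40.445 > 10.0.7.21.51234: Flags [S.], seq 9, ack 2, win 65535, length 0
10:01:00.001300 IP 10.0.5.11.1030 > 10.0.7.28.445: Flags [S], seq 7, win 8192, length 0
10:01:00.002000 IP 10.0.7.22.3389 > 10.0.7.21.50001: Flags [P.], seq 1:40, ack 1, win 512, length 39
"""

# Constructed asset inventory (assumption): which addresses are array
# controller management ports and which are ordinary hosts.
INVENTORY = {
    ipaddress.ip_network("10.0.5.0/28"): "storage-array management ports",
    ipaddress.ip_network("10.0.7.0/24"): "application servers",
}

LINE_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[(\S+)\]")
WORM_PORTS = {135, 139, 445}  # classic lateral-movement targets


def parse(capture):
    """Yield (src, dst, dport, flags) for each line that looks like tcpdump output."""
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group(1), m.group(3), int(m.group(4)), m.group(5)


def find_scanners(capture, min_targets=4):
    """Sources that sent bare SYNs (flags exactly 'S', i.e. no ACK) to at
    least min_targets distinct hosts on worm ports, with their target counts."""
    targets = defaultdict(set)
    for src, dst, dport, flags in parse(capture):
        if flags == "S" and dport in WORM_PORTS:
            targets[src].add(dst)
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= min_targets}


def attribute(addr):
    """Name the inventory class an address falls in, or 'unknown'."""
    ip = ipaddress.ip_address(addr)
    for net, label in INVENTORY.items():
        if ip in net:
            return label
    return "unknown"


if __name__ == "__main__":
    for src, n in sorted(find_scanners(CAPTURE).items(), key=lambda kv: -kv[1]):
        print(f"{src}: SYNs to {n} hosts on {sorted(WORM_PORTS)} -> {attribute(src)}")
```

On a real mirror port the input would come from something like `tcpdump -nn 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'`; the point of the inventory lookup is that a scanning source inside the management subnet should never be explained away as "some server", which is the mistake Xiao Hu almost made.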

General-purpose operating systems are even more common in NAS and iSCSI devices. Microsoft has even developed Windows Storage Server as a dedicated system for such devices, and its "compatibility" with viruses is very "good". Fortunately, however, network security was part of the design of both NAS and iSCSI devices from the start. Almost every NAS product comes with anti-virus software pre-installed or offered as an option, along with a good authentication mechanism. In iSCSI devices, the CHAP authentication mechanism is simply part of the standard configuration, which keeps the storage from being exposed to anyone who can reach it on an insecure network (note that CHAP authenticates the initiator; it does not encrypt the data path).
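To make concrete what the CHAP step in an iSCSI login buys and what it does not, here is an added example (not from the page's author or any vendor) that simulates both sides of the exchange in one process: the target issues `CHAP_A=5 CHAP_I CHAP_C`, the initiator answers with `CHAP_N CHAP_R` where `CHAP_R = MD5(CHAP_I || secret || CHAP_C)` as in RFC 1994, and, for mutual CHAP, challenges the target back. The initiator and target names, the secrets, the dict-based "configurations" standing in for iscsid.conf and target settings, and the 12-byte secret floor are all assumptions of this example. The last function shows the caveat from the text: on an unencrypted network a sniffer who captures one exchange can guess a weak secret offline.

```python
"""Both sides of an iSCSI CHAP login (RFC 7143 section 12.1, CHAP per RFC 1994
with MD5, CHAP_A=5) simulated in one process.  Added example; names, secrets
and the dict 'configurations' are made up and stand in for real config files."""
import hashlib
import os
import secrets

MIN_SECRET_LEN = 12  # this example's policy floor, not a protocol constant


def chap_response(chap_id, secret, challenge):
    """CHAP_R = MD5(CHAP_I (1 byte) || secret || CHAP_C); 16 bytes."""
    return hashlib.md5(bytes([chap_id & 0xFF]) + secret + challenge).digest()


def secret_ok(secret):
    """Configuration check: refuse secrets shorter than MIN_SECRET_LEN bytes."""
    return len(secret) >= MIN_SECRET_LEN


def target_login(target, initiator):
    """Run one login and return a short verdict.
    target:    {"authmethod": "None"|"CHAP", "initiators": {name: secret}, "secret": bytes|None}
    initiator: {"name": str, "secret": bytes, "target_secret": bytes|None}
    """
    if target["authmethod"] == "None":
        # Nothing negotiated: any initiator that can reach the port logs in.
        return "accepted: AuthMethod=None"
    # Target -> Initiator: CHAP_A=5 CHAP_I=<id> CHAP_C=<random challenge>
    chap_i, chap_c = secrets.randbelow(256), os.urandom(16)
    # Initiator -> Target: CHAP_N=<name> CHAP_R=<response> [CHAP_I CHAP_C if it wants mutual auth]
    reply = {"CHAP_N": initiator["name"],
             "CHAP_R": chap_response(chap_i, initiator["secret"], chap_c)}
    if initiator.get("target_secret") is not None:
        reply["CHAP_I"], reply["CHAP_C"] = secrets.randbelow(256), os.urandom(16)
    known = target["initiators"].get(reply["CHAP_N"])
    if known is None:
        return "rejected: unknown initiator"
    if not secrets.compare_digest(chap_response(chap_i, known, chap_c), reply["CHAP_R"]):
        return "rejected: bad CHAP_R"
    if "CHAP_I" not in reply:
        return "accepted: one-way CHAP"
    # Target -> Initiator: CHAP_N=<target name> CHAP_R=<answer to the initiator's challenge>
    if target.get("secret") is None:
        return "rejected: target cannot answer mutual CHAP"
    target_r = chap_response(reply["CHAP_I"], target["secret"], reply["CHAP_C"])
    # Initiator side: compare with what its own copy of the target secret predicts.
    expected = chap_response(reply["CHAP_I"], initiator["target_secret"], reply["CHAP_C"])
    if not secrets.compare_digest(target_r, expected):
        return "rejected by initiator: target failed mutual CHAP"
    return "accepted: mutual CHAP"


def offline_guess(chap_i, chap_c, chap_r, wordlist):
    """What a sniffer on an unencrypted storage network can do with one captured
    (CHAP_I, CHAP_C, CHAP_R): try candidate secrets until the MD5 matches."""
    for cand in wordlist:
        if chap_response(chap_i, cand, chap_c) == chap_r:
            return cand
    return None


# Constructed configurations (not real names or secrets).
INITIATOR_NAME = "iqn.2005-03.org.example:db-host1"
OPEN_TARGET = {"authmethod": "None", "initiators": {}, "secret": None}
CHAP_TARGET = {"authmethod": "CHAP",
               "initiators": {INITIATOR_NAME: b"Tq8!vL2#pRw9mZc4"},
               "secret": b"Ar1@yS3cr3t!9xQp"}
GOOD_INITIATOR = {"name": INITIATOR_NAME, "secret": b"Tq8!vL2#pRw9mZc4", "target_secret": None}
MUTUAL_INITIATOR = {"name": INITIATOR_NAME, "secret": b"Tq8!vL2#pRw9mZc4",
                    "target_secret": b"Ar1@yS3cr3t!9xQp"}
ROGUE_INITIATOR = {"name": INITIATOR_NAME, "secret": b"guessed-wrong-pw", "target_secret": None}

if __name__ == "__main__":
    for label, tgt, ini in [("open target, rogue initiator", OPEN_TARGET, ROGUE_INITIATOR),
                            ("CHAP, right secret", CHAP_TARGET, GOOD_INITIATOR),
                            ("CHAP, wrong secret", CHAP_TARGET, ROGUE_INITIATOR),
                            ("mutual CHAP", CHAP_TARGET, MUTUAL_INITIATOR)]:
        print(f"{label}: {target_login(tgt, ini)}")
    for s in CHAP_TARGET["initiators"].values():
        print("secret length ok:", secret_ok(s))
    # A weak secret falls to one captured exchange.
    weak, i, c = b"password1234", 7, os.urandom(16)
    print("offline guess:", offline_guess(i, c, chap_response(i, weak, c), [b"admin", weak]))
```

The two verdict paths worth remembering are "accepted: AuthMethod=None", which is what an iSCSI target with authentication switched off gives any host that can reach its portal, and "rejected by initiator", which only exists when mutual CHAP is configured; without it a rogue target on the same network can impersonate the array to the host. The offline guess works because the challenge, ID and response all cross the wire in clear, so the secret's strength is the only thing protecting the login against a sniffer.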

As you can see, NAS and iSCSI devices clearly have an advantage over traditional FC disk arrays in terms of network security. Therefore, where performance and scalability requirements can still be met, choosing NAS or iSCSI devices will make the storage device itself more secure. If you must choose an FC disk array, avoid managing it through the controller's Ethernet interface and use the more secure in-band management mode instead. Let's see how Xiao Hu solved the user's problem. The key steps are nothing more than the points above:

* Back up all data and configuration information in the disk array;
* Re-flash the array controller firmware (equivalent to reinstalling the operating system) to the latest version;
* Manually restore the array configuration;
* Remove the Ethernet management connection and switch to in-band management;
* Complete a network-wide anti-virus sweep;
* Done!

The user was satisfied, and Xiao Hu learned a lesson too: it turns out a disk array can also be infected with viruses.

Copyright © Windows knowledge All Rights Reserved