back to article IBM warns Storwize arrays can DELETE ALL DATA

IBM has issued a warning to owners of its Storwize arrays, SAN Volume Controller and Flex System V7000, because all are at risk of having their contents erased. Big Blue’s warning about the problem is blunt: “Administrative access to the system via the IP interface may be obtained without authentication.” That’s bad news …

COMMENTS

This topic is closed for new posts.
  1. jake Silver badge

    What kind of idiot/numptie ...

    ... manages this category of server with a web browser? IBM, are you insane?

    Honestly, the mind boggles.

    1. seven of five Silver badge

      Re: What kind of idiot/numptie ...

      Unfortunately, said webserver is not optional. IBM is so exceptionally proud of their "special" [1] XIV interface they now force it upon everything they have. Persistent rumor claims the TSM server will be the next lucky one.

      Oh joy.

      [1] personally, I´d say "special" as in "special school"

      1. Matt Bryant Silver badge
        Pirate

        Re: seven of five Re: What kind of idiot/numptie ...

        IBM are not alone in using web interfaces, and whilst I haven't read the V7000 manuals for a while I'm pretty sure they advise securing the admin port just like other vendors do for their admin ports. The problem is customers that ignore the advice (or don't read the manuals) and then act all surprised when it all goes tits up. I have worked for companies where not only did they put admin interfaces onto the main corporate LAN, but they also had pretty flakey security on the Internet-facing bits of the Wifi access to the same corporate LAN. Put all your eggs in one basket and you better get ready for a mess.

        1. seven of five Silver badge

          Re: seven of five What kind of idiot/numptie ...

          Hi Matt,

          Of course they advise to secure the admin port. Which helps exactly zilch if: "Administrative access to the system via the IP interface may be obtained without authentication".

          Apart from this, you seem to have the same customers as me, more often than not security is run over by convenience. It is all sad.

          1. Matt Bryant Silver badge
            Happy

            Re: seven of five What kind of idiot/numptie ...

            ".....you seem to have the same customers as me....." It's actually worse as a permie than a contractor as you can't just walk away from the mess when your work is signed off, you have to stick around and try an educate manglement.

  2. Choofer

    Seriously though..

    Who exposes the management interfaces of infrastructure on the user network? Surely every man and his dog restricts access to these interfaces to a management network which is ACL'd and monitored?

    1. jake Silver badge

      Re: Seriously though..

      Back in the day, we called it "out of band signaling".

      TCP/IP wasn't exactly designed with security in mind ...

      1. Down not across

        Re: Seriously though..

        "TCP/IP wasn't exactly designed with security in mind ..."

        Which is why at the very least any mangement interfaces should be on their own network. Preferably separate physical network, but at least a separate VLAN.

  3. ecofeco Silver badge
    Facepalm

    As I was saying...

    Boondogglery.

    They haz it.

  4. M. B.

    I think...

    ...more accurately the arrays can't "delete all data" but that someone could gain access to do so without authenticating.

    It's not like there's a huge flaw in the array that results in data disappearing all of a sudden, this is no different than HP's slip up with the MSA storage arrays having a default account.

    Proper segregation of management and production networks to isolate these management shells/GUIs should be best practice just about everywhere (although it's probably not, so maybe this actually will be a problem for a few customers).

    1. Anonymous Coward
      Anonymous Coward

      Re: I think...

      Really what IBM (and others for that matter) should be able to do is to:

      a) restrict access to the GUI from a certain IP address or range of IP addresses

      b) have a CLI command which lets you turn the damn thing off.

      Of course, a) is standard stuff in any data centre - block access at the network level. And put your important stuff on a separate network. You shouldn't really need to be able to switch it off if you can block access.

      b) is only really of use for experienced admins, who probably don't use the GUI anyway. There are some things you can't easily do on the CLI though (some of maintenance procedures).

      The bigger problem is the fact that customers nowadays demand that vendors use commodity hardware and software in their products. They fear custom hardware and vendor lock-in. They also want nice easy to use interfaces. This won't be the only product or the only vendor affected by this bug.

      Oh, and while someone could in theory delete all of the configuration, that same configuration can be quite quickly rebuilt with not much loss of data. Most storage vendors store configuration in the form of metadata on the underlying disk drives, or externally, as a backup in case things go tits up, and storwize is no exception. You'd get some downtime though.

      Of course, anyone worth their money in this industry knows that you should expect all products to go wrong, and the best you can do is architect your overall solution to minimise the impact that that has on the business.

  5. Solmyr ibn Wali Barad
    Mushroom

    "Most storage vendors store configuration in the form of metadata on the underlying disk drives"

    Don't know about Storwize, but I'd say most storage boxes have a way to nuke metadata from the shell. And not particularly secret. Like any administrative access - plenty of ways to aim for the foot.

    It's always a good idea to keep management network separated from the public ones.

This topic is closed for new posts.

Other stories you might like