× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. March 2021

Re: VTL attacks

My knowledge of the various vendor solutions say that each has different vulnerabilities.

As was stated there should be FC from i to the VTL for 'tape' access and Ethernet for admin. In our cloud that access is on the second most secure network we have. So your network guys thinking it should be better protected are correct IMHO. How crazy do you get, that's a good question. Getting the mac address level seems a tick 'too crazy'.

This is very fine and true for shops who do NOT replicate their tapes off-site with said VTL.

Soon as you do that you MUST open up at least some additional communications to enable that replication. This is done via TCP/IP (typically) so one must be very 'picky' (selective?) on how that link is configured. Generally we use various rules int he firewall to limit that connection to a single IP address and a list of ports (the list is two ports long) that is allowed to connect the two units.

I do know some of the units run on a common Linux platform and can share with NFS etc and theoretically I suppose you could crank up SAMBA if you wanted to be that dumb. Other vendors are MUCH more hardened and greatly restrict access to the machine with near zero CLI capabilities and only HTTPS for admin.

The concept of 'air-gapping' with copy to physical tape isn't all bad.

FYI thus far I have never heard of a VTL being attacked by ransomware.

- DrF


On 3/25/2021 10:33 AM, Rob Berendt wrote:
I get the concept that some are concerned that someone could ransomeware a Virtual Tape Library.
(If you send me an email asking me if I know of any ransomware attacks against what I'm using and that I should be using yours instead that will be an automatic blacklisting of your email address. Seriously, I'm tired of it.)

Does anyone know of any VTL's attacked by ransomware? I'm currently using EMC Data Domain 2500's and I do not know of any.

There's talk of putting them on their own vlan. Restricting by IP address, MAC address, etc. Things which will make it oh so much difficult to access them. Am I working from my desk? Lan or wifi? Home via VPN? Data center A? Data center B? What about the remote consultants who help with them, and typically use their VPN? Got a new PC, didn't think about the new mac address vs the VTL, which you rarely connect to and now you're in crisis mode? Let me contact the consultants and see if they can find someone to get you configured.


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.