Detection of Attacks in Storage Area Networks

Abstract

Storage-area networks are a popular and efficient way of building large storage systems, both in an enterprise environment and for multi-domain storage service providers, in which requires high availability, confidentiality, integrity and performance. In such frameworks, all hosts connect to storage through a network. There is more security risk than traditional storage system. Available intrusion detection systems do not apply efficiently to SANs environments due to the use of static rules and the lack of cooperation between detection modules. Furthermore, detection components may be compromised if the intruder gains access to the system. Moreover, detection is performed for the most proposed solutions at the system and network levels. The purpose of this theses is to develop a Storage based intrusion detection technique to detect lateral movement attack in using Storage area network providing a shared folder as a first test using BRO network analyzer which is an open source network security platform. Lateral movement attack is one of the phases of Advance Persistent Threat attack during which the attacker progressively moves from one system to another in the network, exploit credentials to perform pass the hash attack, escalate privileges, and finally reaching his final targets which are critical systems where key data and assets resides. Although there are many methods of performing lateral movement attack, we have evaluated our detection mechanism against two of the most common lateral movement methods: PSEXEC Windows Management Instrumentation. One of the consequences of a successful lateral movement attack can be the unauthorized access to personal and financial information of a corporate or organization.