In order to share files between two systems, an IT department has decided to share disk storage in a SAN device. The volumes are shared by NFS. The two machines mount the same volume in the SAN.

The problem is that the two machines are in different security zones. Machine A is trusted but we assume machine B is compromised (not trusted).

For example, any malicious file created by the compromised machine will be available to the trusted machine, but if nobody executes the malicious file, I suppose there is no impact.

What are the security risks for the trusted machine?

What security measure can be implemented in order to protect the trusted machine from the compromised machine?

Eloy Roldán Paredes
  • I might argue that if the machines have shared storage that they are absolutely not in different security zones, independent of how you choose to label them. – Neil Smithline Jan 16 '16 at 21:20
  • That's true, but in my opinion being in different security zones does not mean that the machines are completely unable to communicate. In fact, there may exist rules that allow traffic through specific protocols and ports from one security zone to another. – Eloy Roldán Paredes Jan 18 '16 at 07:50

0 Answers