Access over Ethernet: Insecurities in AoE ------------------------------------------ ATA over Ethernet (AoE) is an open standards based protocol which allows direct network access to disk drives by client hosts. AoE has been incorporated into the mainstream Linux kernel, recently been the subject of a Slashdot article, and it appears that it is a SAN technology which is here to stay. This paper investigates the insecurities present in the AoE protocol and suggests how you can deploy AoE infrastructure without worrying about a wide scale compromise. The paper can be downloaded from the whitepapers section of our website. http://www.security-assessment.com Morgan Marquis-Boire Security Consultant Security-Assessment.com Ltd ------------------------------------------------------------ CONFIDENTIALITY NOTICE: This message and any attachment(s) are confidential and proprietary. They may also be privileged or otherwise protected from disclosure. If you are not the intended recipient, advise the sender and delete this message and any attachment from your system. If you are not the intended recipient, you are not authorised to use or copy this message or attachment or disclose the contents to any other person. Views expressed are not necessarily endorsed by Security-Assessment.com Limited. Please note that this communication does not designate an information system for the purposes of the New Zealand Electronic Transactions Act 2002.