Troubleshooting
Problem
For security scan report as that unauthenticated access of iSCSI targets is allowed, Reported components are iSCSI targets i.e. storage disks.
Symptom
Internal vulnerability assessment scanning has detected high risk vulnerability on PureData Mini Mako Appliance.
The following iSCSI targets allow unauthenticated access :
-ha1.spudisk.04-00-07-00
-ha1.spudisk.04-00-06-00
-ha1.spudisk.04-00-05-00
-ha1.spudisk.04-00-04-00
Diagnosing The Problem
- Netezza storage disks can only be accessed by SPUs and the security issue is not clear because the strange iSCSI device names.
- Mako UltraLite consists of only 2 host servers and virtual SPU and virtual storage disks. Those iSCSI name should be like spa1.diskEncl1.disk1.
- Port 3260 is for virtual SPUs to access iSCSI (virtual storage disks).
- Mako UltraLite has no physical SPU and storage disks and the design for this Mako Lite is different from other Netezza appliances.
Resolving The Problem
Action Plan: Performing this action needs NPS downtimeof 1 hr. Contact Support for fixing this issue.
- Port 3260 is default for accessing iSCSI
- Change tgtd service to be configured to listen only
Run vulnerability scan to confirm the issue is fixed.
Was this topic helpful?
Document Information
Modified date:
17 October 2019
UID
swg22007627