Storage Boards Cleanup
To make it easier to find information about HPE Storage products and solutions, we are doing spring cleaning. This includes consolidation of some older boards, and a simpler structure that more accurately reflects how people use HPE Storage.
HPE StoreVirtual Storage / LeftHand
cancel
Showing results for 
Search instead for 
Did you mean: 

HP P4300 G2 underlying OS and ShellShock

NDBT
Advisor

HP P4300 G2 underlying OS and ShellShock

Is the underlying OS on the HP P4300 G2 devices susceptible to the Shellshock vulnerability reported last week?

3 REPLIES
oikjn
Honored Contributor

Re: HP P4300 G2 underlying OS and ShellShock

I'd assume so since it seems to be a universal issue.  We keep things blocked off at the firewall level so the SAN subnet can only talk with our other SAN subnet and then only with select computers on our trusted LANs so the potential for an exploit should be rather limited.  I wouldn't be too concerned unless you have your nodes open to the internet for some odd reason or are concerned about someone doing a targeted attach on you, but your firewall should provide enough seporation against any script kiddy.

NDBT
Advisor

Re: HP P4300 G2 underlying OS and ShellShock

That all makes sense.  I am thinking more about our auditors asking if we've taken precautions against the threat.

 

oikjn
Honored Contributor

Re: HP P4300 G2 underlying OS and ShellShock

guess it depends on your environment, but if you can limit access to the SAN subnet and control things at the router/firewall point, then you should be able to make the argument that you have taken appropriate precautions.  Not knowing what the auditors are auditing to, I can't say if that will be enough, but the only ones I have to deal with are through ISO 9001:2008 and they would be satisfied with this protection plan (we didn't write in any extra requirements for IT over the basic ones).