• Privilege escalation includes cracked or stolen passwords, privilege escalation hacks, buffer overflow attacks, and social engineering. Unintended privileges resulting from poor administration can also be a problem.
• Application tampering means altering code to gain access to systems. This includes trojans, worms, and directly applied malicious patches.
• Unauthorized connections can be made to SAN switches. • Data tampering can occur while data is at rest (on disk) or in transit (flowing across the SAN). Stored data can be accessed and altered via block storage access (e.g. direct SCSI-FCP access to LUNs) or via host file systems.
• Tapes, servers, and even hard drives can be physically stolen and their contents can be read unless encrypted.