• Software-enforced zoning allows anyone to obtain a list of authorized WWNs:
– Intruder can then spoof a WWN to gain access to storage resources
– WWN spoofing was very easy to do in most HBA drivers…
If an intruder can access a list of authorized WWNs, it can then spoof a WWN to gain access to storage resources. WWN spoofing is very easy to do—some HBA drivers even allow administrators to specify the HBA’s WWN. This means that software-enforced WWN zoning is not very secure at all.