The Basics of SAN Security, Part I Page 3
Fabric-to-fabric security technologies use Access Control Lists (ACLs) to allow or deny the addition of a new switch to the fabric. An access list filters traffic by deciding, at a switch or router interface, whether each frame or packet is forwarded or blocked. For example, an access list can grant one host the right to access a certain part of the network and deny another host that same access. Access control lists provide a basic level of security for accessing the network.
Public Key Infrastructure (PKI) technology can be applied to authenticate the identity of a new switch before it is admitted. Additionally, so that a new, out-of-the-box switch does not become an unsecured access point, fabric-wide security databases help to ensure that every authorized switch added to the fabric inherits the fabric-wide security policies rather than running with its factory defaults.
Host-to-fabric security technologies apply ACLs at the port level of the fabric to allow or deny a particular host's Fibre Channel (FC) host bus adapter (HBA) from attaching to a specific port. This prevents an unauthorized intruder host from attaching to the fabric via any port: under this model a host's ability to log into the fabric is explicitly defined, and only the hosts that are explicitly listed for a port are allowed to log in there.
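The two ACL layers just described, as an added example that is not code from the original article or from any switch vendor: a fabric-membership list that decides whether a switch may join, and a per-port binding table that decides whether a host HBA may log in on a given switch port. Both layers are default-deny, and World Wide Names are canonicalized before comparison so that the same HBA written in two notations cannot slip past the list. The WWNs, port numbers and events are constructed for illustration.

```python
import re
from dataclasses import dataclass, field


def normalize_wwn(wwn: str) -> str:
    """Canonicalize a 64-bit World Wide Name to lower-case, colon-separated form.

    Accepts '10:00:00:05:1E:AB:CD:01', '1000:0005:1EAB:CD01' or bare hex.
    Anything that is not exactly 16 hex digits raises ValueError, so a
    malformed identifier can never be coerced into matching a list entry.
    """
    hexdigits = wwn.strip().replace(":", "")
    if not re.fullmatch(r"[0-9a-fA-F]{16}", hexdigits):
        raise ValueError(f"malformed WWN: {wwn!r}")
    hexdigits = hexdigits.lower()
    return ":".join(hexdigits[i:i + 2] for i in range(0, 16, 2))


@dataclass
class FabricPolicy:
    """Fabric-to-fabric ACL (switch_allow) plus host-to-fabric port bindings."""
    switch_allow: set = field(default_factory=set)
    # (switch WWN, port number) -> set of host WWPNs bound to that port.
    # A port with no entry is closed: default deny.
    port_bindings: dict = field(default_factory=dict)

    def allow_switch(self, wwn: str) -> None:
        self.switch_allow.add(normalize_wwn(wwn))

    def bind_port(self, switch_wwn: str, port: int, host_wwpn: str) -> None:
        key = (normalize_wwn(switch_wwn), port)
        self.port_bindings.setdefault(key, set()).add(normalize_wwn(host_wwpn))

    def switch_may_join(self, wwn: str) -> bool:
        try:
            return normalize_wwn(wwn) in self.switch_allow
        except ValueError:
            return False

    def host_may_login(self, switch_wwn: str, port: int, host_wwpn: str) -> bool:
        try:
            sw, host = normalize_wwn(switch_wwn), normalize_wwn(host_wwpn)
        except ValueError:
            return False
        # The binding is per port: an HBA bound to port 3 gets nothing on port 7.
        return host in self.port_bindings.get((sw, port), set())


def evaluate(policy: FabricPolicy, events: list) -> list:
    """Run fabric events through the policy and return an audit-style verdict list.

    Events are ('switch_join', wwn) or ('host_login', switch_wwn, port, host_wwpn).
    """
    verdicts = []
    for ev in events:
        if ev[0] == "switch_join":
            ok = policy.switch_may_join(ev[1])
        elif ev[0] == "host_login":
            ok = policy.host_may_login(ev[1], ev[2], ev[3])
        else:
            ok = False  # unknown event kinds are denied, not ignored
        verdicts.append((ev, "ALLOW" if ok else "DENY"))
    return verdicts


def demo() -> list:
    """Constructed policy and events; returns the (event, verdict) list."""
    policy = FabricPolicy()
    policy.allow_switch("10:00:00:05:1E:AB:CD:01")  # core switch
    policy.allow_switch("10:00:00:05:1E:AB:CD:02")  # edge switch
    policy.bind_port("10:00:00:05:1E:AB:CD:02", 3, "21:00:00:E0:8B:12:34:56")  # database host HBA
    events = [
        ("switch_join", "10:00:00:05:1E:AB:CD:02"),   # authorized switch
        ("switch_join", "10:00:00:05:1E:AB:CD:99"),   # out-of-the-box switch, not listed
        ("switch_join", "not-a-wwn"),                  # malformed identifier
        ("host_login", "10:00:00:05:1E:AB:CD:02", 3, "2100:00E0:8B12:3456"),        # same HBA, other notation
        ("host_login", "10:00:00:05:1E:AB:CD:02", 7, "21:00:00:E0:8B:12:34:56"),    # right HBA, wrong port
        ("host_login", "10:00:00:05:1E:AB:CD:02", 3, "21:00:00:E0:8B:AA:AA:AA"),    # intruder HBA on bound port
    ]
    return evaluate(policy, events)


if __name__ == "__main__":
    for event, verdict in demo():
        print(f"{verdict:5} {event}")
```

Note that the malformed identifier and the unknown event kind are both denied rather than raising into the fabric's login path; a policy engine that throws on bad input is a policy engine an intruder can turn off.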
To ensure that a trusted and secure management console-to-fabric communications layer exists, management-to-fabric technologies can use PKI and other cryptographic mechanisms (such as the MD5 hash, which provides integrity checking rather than encryption, and which is no longer considered collision-resistant). These mechanisms help ensure that the management console or framework used to control the fabric is authentic and authorized. In addition, they can restrict the set of switches on the fabric from which management and configuration changes are propagated to the rest of the fabric, which yields a SAN with a minimal number of security control points.
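Why a hash alone does not make the console authentic, as an added example that is not from the original article: an unkeyed MD5 digest attached to a management command can be recomputed by anyone who can reach the management port, whereas a keyed MAC (here HMAC-SHA256 with a shared key, standing in for the certificate-based signature a PKI deployment would use) can only be produced by a holder of the key. The switch-side verifier also tracks a sequence number, because a valid tag on its own does not stop a captured genuine command from being replayed. The command format, the key and the scenario are constructed.

```python
import hashlib
import hmac
import json


def canonical(command: dict) -> bytes:
    """Deterministic encoding so that sender and verifier hash identical bytes."""
    return json.dumps(command, sort_keys=True, separators=(",", ":")).encode()


def md5_tag(command: dict) -> str:
    """Unkeyed digest. Catches accidental corruption only: anyone who knows the
    format can compute it, so it says nothing about who sent the command."""
    return hashlib.md5(canonical(command)).hexdigest()


def hmac_tag(command: dict, key: bytes) -> str:
    """Keyed MAC. Only a holder of `key` can produce a tag that verifies."""
    return hmac.new(key, canonical(command), hashlib.sha256).hexdigest()


def verify_md5(command: dict, tag: str) -> bool:
    return hmac.compare_digest(md5_tag(command), tag)


class FabricManagementPort:
    """Switch-side verifier (constructed). Besides checking the MAC it keeps the
    last accepted sequence number, so a captured genuine command cannot simply
    be replayed against the fabric."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_seq = 0
        self.applied = []

    def accept(self, command: dict, tag: str) -> bool:
        if not hmac.compare_digest(hmac_tag(command, self._key), tag):
            return False  # wrong key, or command altered after tagging
        if command.get("seq", 0) <= self._last_seq:
            return False  # replayed or out-of-order
        self._last_seq = command["seq"]
        self.applied.append(command["op"])
        return True


def demo() -> dict:
    """Constructed scenario: a genuine console, then an attacker on the management LAN."""
    key = b"constructed-shared-management-key"  # stand-in for the console's PKI credential
    port = FabricManagementPort(key)
    genuine = {"seq": 1, "op": "set_zone", "zone": "db_zone",
               "members": ["21:00:00:e0:8b:12:34:56"]}
    rogue = {"seq": 2, "op": "add_switch", "wwn": "10:00:00:05:1e:ab:cd:99"}

    results = {}
    # 1. With only an MD5 digest, the attacker's command verifies: no secret is needed.
    results["md5_accepts_forgery"] = verify_md5(rogue, md5_tag(rogue))
    # 2. With HMAC, the genuine console's command is accepted once.
    results["hmac_accepts_genuine"] = port.accept(genuine, hmac_tag(genuine, key))
    # 3. The attacker cannot tag the rogue command without the key...
    results["hmac_accepts_forgery"] = port.accept(rogue, hmac_tag(rogue, b"guess"))
    # 4. ...and cannot reuse the genuine tag on a modified command.
    tampered = dict(genuine, members=["21:00:00:e0:8b:aa:aa:aa"])
    results["hmac_accepts_tampered"] = port.accept(tampered, hmac_tag(genuine, key))
    # 5. Replaying the captured genuine command is stopped by the sequence check.
    results["hmac_accepts_replay"] = port.accept(genuine, hmac_tag(genuine, key))
    results["applied"] = list(port.applied)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

`hmac.compare_digest` is used for both checks so that the comparison does not leak, byte by byte, how much of a guessed tag was right.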
Configuration Integrity Technologies
Finally, configuration integrity refers to technologies that ensure fabric configuration changes are propagated from only one location at a time, and that they reach every switch in the fabric correctly and with their integrity intact. A distributed lock manager is one way of ensuring that configuration changes are applied to the fabric serially and only when valid.
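The lock-and-propagate model above, as an added example that is not code from the original article or from any real lock manager: a single fabric-wide lock that only one management point may hold, a monotonically increasing configuration generation, and a SHA-256 digest announced with each change so that every switch can reject a copy that was altered in flight or that would move it backwards. The switch names, configuration contents and the injected corruption are constructed.

```python
import hashlib
import json
import threading


def config_digest(config: dict) -> str:
    """Digest over a canonical encoding, so every switch hashes the same bytes."""
    return hashlib.sha256(
        json.dumps(config, sort_keys=True, separators=(",", ":")).encode()
    ).hexdigest()


class LockHeld(Exception):
    """Raised when a management point commits without holding the fabric lock."""


class FabricLock:
    """One lock for the whole fabric; only the holder may commit a configuration."""

    def __init__(self):
        self._guard = threading.Lock()
        self.holder = None

    def acquire(self, owner: str) -> bool:
        with self._guard:
            if self.holder is not None and self.holder != owner:
                return False
            self.holder = owner
            return True

    def release(self, owner: str) -> None:
        with self._guard:
            if self.holder == owner:
                self.holder = None


class Switch:
    def __init__(self, name: str):
        self.name = name
        self.generation = 0
        self.config = {}
        self.digest = config_digest(self.config)

    def apply(self, generation: int, config: dict, digest: str) -> bool:
        """Accept only a strictly newer generation whose bytes hash to the announced digest."""
        if generation <= self.generation:
            return False  # stale or duplicate propagation
        if config_digest(config) != digest:
            return False  # altered in transit
        self.generation, self.config, self.digest = generation, config, digest
        return True


class Fabric:
    def __init__(self, switches: list):
        self.switches = switches
        self.lock = FabricLock()
        self.generation = 0

    def commit(self, owner: str, new_config: dict, corrupt: str = None) -> dict:
        """Commit from `owner` and propagate to every switch.

        `corrupt` names a switch whose copy is tampered with in flight; this is
        constructed fault injection so the example can show the integrity check.
        """
        if self.lock.holder != owner:
            raise LockHeld(f"{owner} does not hold the fabric lock (holder={self.lock.holder})")
        self.generation += 1
        digest = config_digest(new_config)
        results = {}
        for sw in self.switches:
            payload = dict(new_config)
            if sw.name == corrupt:
                payload["zones"] = payload.get("zones", []) + ["rogue_zone"]
            results[sw.name] = sw.apply(self.generation, payload, digest)
        return results

    def consistent(self) -> bool:
        """True only if every switch holds the current generation and the same digest."""
        gens = {sw.generation for sw in self.switches}
        digests = {sw.digest for sw in self.switches}
        return gens == {self.generation} and len(digests) == 1


def demo() -> dict:
    """Constructed scenario: two consoles contend, then one propagation is corrupted."""
    fabric = Fabric([Switch("core1"), Switch("edge1"), Switch("edge2")])
    cfg1 = {"zones": ["db_zone"], "default_zone": "deny"}
    cfg2 = {"zones": ["db_zone", "backup_zone"], "default_zone": "deny"}
    out = {}
    if not fabric.lock.acquire("console-A"):
        raise RuntimeError("fresh lock should be free")
    out["B_acquire_while_A_holds"] = fabric.lock.acquire("console-B")
    try:
        fabric.commit("console-B", cfg1)
        out["B_commit_without_lock"] = True
    except LockHeld:
        out["B_commit_without_lock"] = False
    out["A_commit"] = fabric.commit("console-A", cfg1)
    out["consistent_after_A"] = fabric.consistent()
    fabric.lock.release("console-A")
    fabric.lock.acquire("console-B")
    out["B_commit_with_corruption"] = fabric.commit("console-B", cfg2, corrupt="edge2")
    out["consistent_after_corruption"] = fabric.consistent()
    fabric.lock.release("console-B")
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

After the corrupted propagation the fabric reports itself inconsistent because edge2 stayed at the previous generation; the operator's next action is to re-propagate generation 2 to that switch, not to lower the other switches to match it.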
Summary and Conclusions
Part I of this article has emphasized in no uncertain terms that locked doors are no longer sufficient to protect vital information, as new information delivery channels transcend traditional borders. Organizations, more than ever, need to leverage advanced security solutions that minimize risk while still allowing the flexibility and growth that a balanced corporate security strategy and policy must provide.
By delivering shared storage in open, non-proprietary environments via any-to-any connectivity, SAN implementations make data highly available. Unless well-thought-out security policies are put into place to manage how devices interact within the SAN, however, the advantage of any-to-any connectivity can become a liability. In order to ensure data integrity, and to prevent unwanted access from unauthorized systems and users, shared storage in a SAN environment requires safeguards. Part I of this article briefly explored some of the technologies, and their associated methodologies, used to ensure data integrity and to protect and manage the fabric. Each technology has advantages and disadvantages, and each must be weighed against a well-thought-out SAN security strategy developed during the SAN design phase.
Moreover, it is unwise to expect that the required level of security can be achieved from any one of the previously discussed technologies independent of all the others. An astute storage architect, whether in-house or an outsourced vendor, understands that securing a heterogeneous SAN environment (with diverse operating systems and vendor storage devices) from unauthorized systems and users may require some combination, or all, of the aforementioned technologies.
Finally, as the SAN infrastructure evolves and new technologies emerge, the SAN security strategy must be revisited periodically. This will ensure that the proper level of security is maintained and that the SAN fabric is properly managed.
But, wait! I'm not finished yet! A discussion of SAN security would not be complete without briefly touching on Fibre Channel security and the benefits of SAN security itself. In Part II of this article we'll briefly discuss the Fibre Channel security areas to manage: configuration management, SAN access, and authentication and authorization. Finally, Part II also discusses the further realization of the benefits of securing Fibre Channel technologies and SANs.