The Basics of SAN Security, Part I
Today, as organizations continue to broaden their reach to business partners and customers around the globe, they expose their IT systems to an ever wider range of potential security threats. Furthermore, data theft, eavesdropping, fraud, and hacker attempts increasingly threaten secure electronic information exchange within the enterprise and across public networks (e.g, such as the Internet).
Because IT systems are only as secure as the weakest link in the network, organizations need to consider outsourcing their data storage security needs to one vendor, which will help them develop a comprehensive security plan and architecture that helps ensure safe, reliable data processing throughout a Storage Area Network (SAN). In other words, an organization needs an integrated solution that addresses a wide variety of potential security threats-thus, enabling a robust, mission-critical SAN infrastructure.
In this, the first part of a two part article on SAN security, I will look at some of the basic principles you need to be aware of when securing your SAN.
Increasing Security Concerns
The recent terrorist attacks of 9-11 and the explosion in e-business activity and Internet commerce has provided organizations with unlimited opportunities for developing new information delivery channels. At a minimum, online expansion opens up a whole new world of possibilities, such as increased efficiency, reduced costs, improved enterprise-wide communications, shorter time-to-market, and wider market reach. Organizations must be careful, however, to balance their need to expand with their ability to protect enterprise data.
Furthermore, organizations found it much more difficult to effectively secure their critical business networks, applications, and data, as the popularity of distributed client/server networks steadily rose throughout the 1990s. The potential frequency and severity of computer security incidents has only increased, because of the emergence and growth of public networks such as the Internet. As a result, for organizations participating in the e-business arena, information security is perhaps the greatest concern.
Organizations should fully define their security requirements for a SAN fabric by establishing a set of security domains, while identifying the potential points of vulnerability in their networks. These domains typically define different categories of communications that must be protected by the fabric security architecture. These domains include:
Administrator-to-Security Management Domain
Administrator access controls work in conjunction with security management functions. Because security management impacts the security policy and configuration of the entire SAN fabric, administrator-level fabric password access provides primary control over security configurations.
Individual device ports are bound to a set of one or more switch ports using access control lists (ACLs) in host-to-switch communications. Device ports are specified by world wide name (WWN) spoofing, which typically represent HBAs.
Security Management-to-Fabric Domain
A security management function should encrypt appropriate data elements (along with a random number) with the switch's public key. The switch then decrypts the data element with its private key.
The switches should enforce the security policy in secure switch-to-switch communications. By using digital certificates and ACLs, the security management function initializes switches. Switches exchange these credentials during mutual authentication, prior to establishing any communications. This practice ensures that only authenticated and authorized switches can join as members of the SAN fabric or a specific fabric zone. Furthermore, this authentication process prevents an unauthorized switch (for example, a switch in a co-location scenario) from attaching to the fabric through a port. Basic inter-fabric switch-to-switch security includes, but is not limited to: Mutual authentication performed between two switches using public key technology and digital certificates; and, switch alarms (such as Simple Network Management Protocol (SNMP) trap notifications) for authorized security management or other system managers.
With the preceding discussion in mind, let's now turn to multiple technologies and methodologies that are used to provide the highest level of security for SANs. The following discussion is about data access and security; fabric management and protection technologies; and, methodologies that provide security and management for storage area networks.