This article can also be found in the Premium Editorial Download "Storage magazine: Should you consolidate your direct-attached storage (DAS)?."
The key is to focus on the concerns of today and tomorrow, but learn from the past and keep an eye out for the headaches of next week. With SAN security, this means watching the current pathways into the SAN and securing management interfaces in the short term. In the long term, larger SANs--extended with technologies like iSCSI and virtualization--need dedicated focus and products to enhance security. Now is the time to prepare for this future, but a lack of shipping products means implementation will have to wait.
Confidentiality, integrity and availability
Security breaches are often assumed to involve someone gaining access to information, but can also involve disruption of operations. In general, the topic of security focuses on three areas, each with its own risks and responses:
- Confidentiality: preventing unauthorized viewing and copying of data
- Integrity: preventing the loss or modification of data
- Availability: ensuring that data is continuously available for operations
Ensuring data integrity relies on much the same access controls just mentioned. Locking out access to data keeps it safe. But like confidentiality, integrity can be hard to measure because prying eyes and meddling hands can leave a seemingly intact copy of data behind.
While modification of data can be far more insidious than a loss of availability, the howls of users when systems fail make it difficult to avoid attacking the problem. But their howls will be louder if it's evident that a security breach caused the outage. Here again, access control is the key, but a brute-force attack can be much more difficult to defend against.
Maintain your integrity
So far, most of the security focus for storage managers has been on physically limiting access to equipment and, to a lesser extent, securing the SAN fabric itself from unauthorized use. Currently, most storage networks are limited to a single data center room with tight physical security. But this is changing, as replication technologies begin to use standard Fibre Channel (FC) and IP connectivity rather than more proprietary encapsulation methods. As iSCSI allows storage to make the leap to IP on Ethernet LANs, more and more storage networks will break out of the data center. Once this happens, the security of access-controlled data centers is destroyed.
Although not always recognized as a security-related task, ensuring availability in an FC fabric is common practice for storage designers and managers. Redundant fabrics, multiple data paths, redundant equipment and business continuance copies are commonly employed to improve availability in the event of mistakes and failures. There are also other potential paths for attackers: insecure hosts, backup tapes, retired hardware and inside jobs.
Even the most secure SAN can't protect data once a connected host has been compromised. By far the most common breach of SAN integrity is caused by accidental misconfiguration, rather than malicious attack. Most SAN managers have seen cases where a host "stepped on" another host's SAN LUNs. Even if it hasn't happened to them, the storage and systems administrators I talk to are concerned, and employ techniques like LUN masking on the array and zoning on the fabric to prevent it. Every SAN should use these techniques to ensure data integrity, and offline backup copies are required to recover from data corruption.
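One way to check that LUN masking and zoning actually keep hosts off each other's LUNs is to audit the two tables against each other. The sketch below is an added example, not taken from the article or from any vendor tool; the WWPNs, zone names, LUN ids, host names and the clustered parameter are all constructed assumptions, and in practice the tables would come from exports of the switch and array configuration.

```python
# Constructed sample data: every WWPN, zone name, host name and LUN id is made up.
HOST_PORTS = {  # initiator WWPN -> owning host
    "10:00:00:00:c9:aa:00:01": "db01",
    "10:00:00:00:c9:aa:00:02": "db02",
    "10:00:00:00:c9:aa:00:03": "web01",
}
ARRAY_PORT = "50:06:01:60:bb:00:00:01"
ZONES = {  # fabric zoning: zone name -> member WWPNs
    "z_db01": {"10:00:00:00:c9:aa:00:01", ARRAY_PORT},
    "z_db02": {"10:00:00:00:c9:aa:00:02", ARRAY_PORT},
    "z_web01": {"10:00:00:00:c9:aa:00:03", ARRAY_PORT},
}
MASKING = {  # array LUN masking: LUN id -> initiator WWPNs allowed to see it
    0: {"10:00:00:00:c9:aa:00:01"},
    1: {"10:00:00:00:c9:aa:00:01", "10:00:00:00:c9:aa:00:02"},  # shared by mistake
    2: {"10:00:00:00:c9:aa:00:04"},  # initiator with no zone to the array
}

def zoned_with(target, zones):
    """Return every WWPN that shares at least one zone with the target port."""
    peers = set()
    for members in zones.values():
        if target in members:
            peers |= members - {target}
    return peers

def audit(zones, masking, host_ports, array_port, clustered=frozenset()):
    """Return sorted (lun, finding) tuples; clustered lists LUNs shared on purpose."""
    reachable = zoned_with(array_port, zones)
    findings = []
    for lun, initiators in masking.items():
        # Hosts that pass both controls: zoned to the array port and masked to the LUN.
        hosts = {host_ports.get(w) for w in initiators & reachable} - {None}
        if len(hosts) > 1 and lun not in clustered:
            findings.append((lun, "exposed to multiple hosts: " + ", ".join(sorted(hosts))))
        # Masking entries the fabric does not back up: stale or mistyped initiators.
        for wwpn in sorted(initiators - reachable):
            findings.append((lun, "masked to unzoned initiator " + wwpn))
    return sorted(findings)

if __name__ == "__main__":
    for lun, finding in audit(ZONES, MASKING, HOST_PORTS, ARRAY_PORT):
        print(f"LUN {lun}: {finding}")
```

A LUN that is deliberately shared, for example by a cluster, can be listed in clustered so that only unintended overlaps are reported.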
Next, to protect the confidentiality of your data, don't forget to secure your backup tapes. Every day, a complete image of your storage infrastructure is sent out the door. Are you sure those tapes went out with the right people?
This was first published in June 2003