This article can also be found in the Premium Editorial Download "Storage magazine: New rules change data retention game."
There are numerous threats to NAS data and many different ways to protect it. The trick is to find the right level of protection for the perceived risk.
NAS is vulnerable to many of the exploits that plague Windows-based systems: viruses, worms, unauthorized access, data tampering, snooping and IP spoofing. But even though NAS runs on ubiquitous Ethernet and TCP/IP transport protocols, it's fairly easy to protect. The tough part is finding the right level of protection.
Any good security framework contains multiple security layers. If one layer is compromised, the target of the attack is still protected by the other layers. In the case of NAS, network perimeter security is the outermost shield that keeps unauthorized people out of your LAN and storage network. If an attacker does penetrate your perimeter security, authentication and file-access authorization will still prevent access to files and folders on the NAS: unless the attacker can guess an authorized account and its password, your data will still be protected.
Prioritizing and fortifying the areas with the highest risk is another guiding principle. It's important to secure each area in proportion to its risk by finding a balance between what's required and what's overkill. For example, while multifactor authentication using a password and token or biometric identification may be a requirement for financial firms, password authentication harnessing Active Directory with a strong password
Audits are an often-neglected aspect of security. It's only through testing that you can ensure the security measures in place actually work. These NAS security areas need to be addressed:
- Network security
- Access control
- Security updates
- Audit trails and security logs
- NAS management
This was first published in September 2007