Security, as related to storage, is a somewhat neglected area. But it's one that is likely to receive more attention in the future, particularly as IP-based storage area networks begin to be implemented. Hackers typically aren't familiar with the inner workings of fiber channel. But IP is a different matter altogether, and the whole idea of storage pooling, whereby any host has access to data, presents a nightmare to security admin...
"The SAN industry is relatively new," says Evaluator Group analyst Dennis Martin, "and some of the security issues are only now being considered." Storage devices, the fabric and network devices and the host server operating system all have their security issues.
The switch vendors have implemented such things as LUN masking and zoning, which enables the SAN to be split up into logical units and accessed only by designated servers ? but Martin says this has been implemented more from an interoperability standpoint than from a security one. There is not yet a proper concept of a 'trusted switch,' comparable to IP-based trusted servers, although Brocade and others are now working toward it.
Currently, of course, most SANs are behind the firewall. But one of the attractions of IP storage is that it will be able to connect to the outside IP-based infrastructure, including the public Internet, in order to join together remote 'islands of information.'
In theory, IP networks should be more secure than fiber channel, because more work has been done on security in the local and wide-area networking field. Both IP and fiber channel rely on trusted clients, however, and there are far more IP-based tools easily obtainable that the malicious population can use to gain access.
The earliest releases of SAN management software had no security components at all. That has now started to change. FalconStor, for instance, has added authorization policies to its IPStor product, and uses IPSec and VPN technologies to encrypt storage data as it travels over the network, so that SANs can be extended using shared networks, such as the Internet. IPStor utilizes key-based authentication to eliminate the possibilities of spoofing.
the451 (www.the451.com) is an analyst firm that provides timely, detailed and independent analysis of news in technology, communications and media - to evaluate the service click here.