Storage security is an emerging issue

By the451.com, Special to searchStorage 12 Oct 2001 | the451.com

Digg This!     StumbleUpon     Del.icio.us

Security, as related to storage, is a somewhat neglected area. But it's one that is likely to receive more attention in the future, particularly as IP-based storage area networks begin to be implemented. Hackers typically aren't familiar with the inner workings of fiber channel. But IP is a different matter altogether, and the whole idea of storage pooling, whereby any host has access to data, presents a nightmare to security administrators.

"The SAN industry is relatively new," says Evaluator Group analyst Dennis Martin, "and some of the security issues are only now being considered." Storage devices, the fabric and network devices and the host server operating system all have their security issues.

The switch vendors have implemented such things as LUN masking and zoning, which enables the SAN to be split up into logical units and accessed only by designated servers ? but Martin says this has been implemented more from an interoperability standpoint than from a security one. There is not yet a proper concept of a 'trusted switch,' comparable to IP-based trusted servers, although Brocade and others are now working toward it.

Currently, of course, most SANs are behind the firewall. But one of the attractions of IP storage is that it will be able to connect to the outside IP-based infrastructure, including the public Internet, in order to join together remote 'islands of information.'

In theory, IP networks should be more secure than fiber channel, because more work has been done on security in the local and wide-area networking field. Both IP and fiber channel rely on trusted clients, however, and there are far more IP-based tools easily obtainable that the malicious population can use to gain access.

The earliest releases of SAN management software had no security components at all. That has now started to change. FalconStor, for instance, has added authorization policies to its IPStor product, and uses IPSec and VPN technologies to encrypt storage data as it travels over the network, so that SANs can be extended using shared networks, such as the Internet. IPStor utilizes key-based authentication to eliminate the possibilities of spoofing.

Tags: Product,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Product EMC overhauls ControlCenter Department of Homeland Security automates storage ISCSI brings VMware to a new audience IBM adds more FC, DAS products; dithers on iSCSI Users: Onaro SAN management tool could do more EMC plays catch-up with Clariion Revamped Cisco WAFS worth the wait, users say Exchange 2007 storage enhancements: Cure-all or Band-Aid? Storage Clips: Vicom introduces data migration service NetApp launches $5K box for small businesses

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary