Security and management networks, a dynamic duo
Dr. Vijay Ahuja
Founder and President, Cipher Solutions Inc.
Dr. Vijay Ahuja is the president and founder of Cipher Solutions Inc., a professional services company that assists its clients in implementing storage security and offers customized seminars on storage and network security issues. Dr. Ahuja has been an industry leader in network security and more recently in storage security.
Security and management are commonly treated as secondary topics while implementing any IT solution. Storage networks are no exception. While there is a concerted effort underway to secure storage networks, work on securing the management of storage networks is just starting. In most presentations I have made, a straw poll of the audience indicated that management networks are the most vulnerable part of the storage environment.
There are three types of components that participate in managing storage networks.
1. A management workstation
2. The management server
3. The management client residing in the managed storage entity
It is important to evaluate the security of management data both while it is stored on, and while it is in transit among, the three components above.
There are multiple ways in which management data may be transported. It may be over a browser-based exchange, a client-server protocol, a command-line based exchange over TCP/IP or over SNMP.
Any browser-server-based exchange must use traditional security protocols such as SSL (Secure Sockets Layer) or TLS (Transport Layer Security). For a client-server model, the two endpoints should deploy a security scheme using access controls and encryption schemes. Alternatively, an SSL toolkit may be implemented that will present APIs to secure the traffic between the endpoints. For traffic using TCP/IP, SSH (Secure Shell) is a commonly available technology. SNMP was originally designed with little or no security. SNMP version 2 provides security, but has not been widely deployed by major vendors.
More importantly, it is critical that you implement appropriate policies and practices for your storage management network. For example, a storage management network should not be connected to other corporate LANs or management LANs. Any such access may compromise the security of your stored data. Storage networks may be managed by implementing either an in-band or an out-of-band scheme.
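The transport and isolation guidance above can be checked against an inventory of management paths. The following is an added example, not part of the original article: the protocol names, subnets, inventory entries and finding codes are all constructed assumptions for illustration.

```python
import ipaddress

# Protocol names are assumptions used for illustration; the article names only
# SSL/TLS, SSH and SNMP.
PROTECTED = {"https", "tls", "ssh"}
UNPROTECTED = {"http", "telnet", "snmpv1"}

# Constructed sample addressing: one dedicated management subnet, two corporate LANs.
MGMT_NET = ipaddress.ip_network("10.50.0.0/24")
CORPORATE_NETS = [ipaddress.ip_network(n) for n in ("10.10.0.0/16", "192.168.0.0/16")]

# Constructed inventory of management paths between the three component types.
INVENTORY = [
    {"path": "workstation->server", "proto": "https", "listen_ip": "10.50.0.10",
     "allowed_from": ["10.50.0.0/24"]},
    {"path": "server->array-agent", "proto": "snmpv1", "listen_ip": "10.50.0.21",
     "allowed_from": ["10.50.0.0/24"]},
    {"path": "workstation->switch-cli", "proto": "ssh", "listen_ip": "10.10.4.7",
     "allowed_from": ["10.50.0.0/24", "10.10.0.0/16"]},
    {"path": "server->tape-agent", "proto": "telnet", "listen_ip": "10.50.0.30",
     "allowed_from": ["0.0.0.0/0"]},
]


def audit_entry(entry):
    """Return a list of finding codes for one management path."""
    findings = []
    proto = entry["proto"].lower()
    if proto in UNPROTECTED:
        findings.append("unprotected-transport")
    elif proto not in PROTECTED:
        findings.append("unknown-transport")
    # The managed interface should live on the dedicated management network.
    if ipaddress.ip_address(entry["listen_ip"]) not in MGMT_NET:
        findings.append("outside-mgmt-network")
    # Any source range overlapping a corporate LAN breaks the isolation policy.
    for src in entry["allowed_from"]:
        if any(ipaddress.ip_network(src).overlaps(c) for c in CORPORATE_NETS):
            findings.append("reachable-from-corporate-lan")
            break
    return findings


def audit(inventory):
    """Map each path name to its findings, omitting clean paths."""
    report = {e["path"]: audit_entry(e) for e in inventory}
    return {path: f for path, f in report.items() if f}


if __name__ == "__main__":
    for path, findings in audit(INVENTORY).items():
        print(f"{path}: {', '.join(findings)}")
```

A source range of `0.0.0.0/0` is reported as reachable from the corporate LAN because it overlaps every corporate subnet, which is the case an exact-match comparison would miss.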
Finally, there is significant work underway at SNIA on an extensible interface for storage management. SNIA is working on SMI (Storage Management Initiative), which is the storage piece of the CIM (Common Information Model). SMI security is being developed by SNIA.
This was first published in September 2003