Storage Area Networks (SANs) may be the future of networked storage, but the networking technology could be an open invitation for hackers to access your data.
According to Himanshu Dwivedi, managing security architect at @stake, Inc., and a speaker at the SearchStorage.com Storage Management 2002 conference held in Chicago last week, SANs are a gateway for hackers to tap in to a businesses' network.
The weakest link: The Fibre Channel connection.
"Hackers will try to gain access through the path of least resistance," said Dwivedi. "We are seeing the same problems in the Fibre Channel that you saw in the IP networked based world in the late 80's."
One of the things storage administrators do have going for them notes Dwivedi is that they know exactly how their networks are configured.
"Ninety-nine percent of unauthorized users get into the network because of bad configuration, not by some elite, super method," said Dwivedi. "The biggest problem a hacker has is figuring out what your SAN looks like.
There are some short-term solutions that were recommended by Dwivedi. He says there are two major areas where administrators can shore up their SANs. The first is by segmentation. This means a logical segmentation of management traffic from data traffic. Most hackers, Dwivedi said will logically be going after a company's most prized data.
The second is in the switch configuration. Under this umbrella, there are three areas to secure the network; Simple Name Server hard and soft zoning, port binding and port type controls.
Aside from these solutions, users break it down to a more simple solution.
"The main thing about security is just being proactive," said Ray Drake from Lincoln Electric System in Lincoln, Neb.
Drake, who manages a 200-server data center is also in the middle of a major SAN implementation and security audit with an outside consulting firm.
"We are in the middle of a SAN implementation but at the same time we are also in the fifth or sixth month of a security analysis. Once we complete that, we'll have a better idea where the holes are," said Drake.
Dwivedi also recommends that storage professionals consider the amount of layers internal and external users see.
"You have to make it difficult for the hackers. Six or seven layers may not be enough a single compromised server may open the gateway to a SAN," said Dwivedi. "One to two layers is also not enough for the internal network."
Maybe the best advice Dwivedi offered was to remind users, if they aren't using a part of their network, disable it. This he says will limit your exposure to certain types of hackers.
For more information:
Have a question about storage security? Ask expert Vijay Ahuja to help you stay hack-free.
Article: What tools for checking NT security are there?
Article: Storage security round-up
Himanshu Dwivedi's company, @stake, Inc.