
Are you ready for storage security standards?

Get your security policies in place, standards are on the way

Dr. Vijay Ahuja
Founder and President, Cipher Solutions Inc.
Dr. Vijay Ahuja is the president and founder of Cipher Solutions Inc., a professional services company that assists its clients in implementing storage security and offers customized seminars on storage and network security issues. Dr. Ahuja has been an industry leader in network security and more recently in storage security.

Storage security has been in the limelight for the last two to three years. Vendors, consortia and standards bodies have made an earnest effort to design, develop, document and deliver security technologies that protect storage network resources.

On the standards side, the Fibre Channel Security Protocols (FC SP) Workgroup of ANSI's T11 Technical Committee has been developing security standards for Fibre Channel, and the first working draft of the document has just been published. This document is the start of what should evolve into a comprehensive set of Fibre Channel security standards. The working draft includes the first significant step in storage security: authenticating the storage network entities.

The scope of the draft document includes:

  • Protocols to authenticate and set up secrets for Fibre Channel entities
  • Protocols for frame-by-frame integrity and confidentiality
  • Protocols to define and distribute security policies

The draft has detailed descriptions of some of the authentication protocols. Three protocols are outlined:

  • DH CHAP (Diffie Hellman Challenge Handshake Authentication Protocol), based on the well-known CHAP scheme
  • FCAP (Fibre Channel Authentication Protocol), using digital certificates
  • FCPAP (Fibre Channel Password Authentication and Key Exchange Protocol), using the Secure Remote Password (SRP) scheme

Each protocol authenticates the storage entities and optionally generates a shared secret key between the authenticating entities. These shared keys may then be used to provide confidentiality of frames using the IPSec ESP protocol. DH CHAP is mandatory, while FCAP and FCPAP are optional authentication protocols. The draft document is dated March 2, 2003 and is available as document number T11/03-149v0. It is termed "a working draft" and as such is subject to changes and revisions until finalized.
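To make the idea behind the mandatory protocol concrete, the following added example (not taken from the T11 draft or from the author) sketches a CHAP-style challenge-response that is bound to a Diffie-Hellman exchange and leaves both sides with a shared key. The message layout, hash inputs, key derivation, toy group and all function names are assumptions made for illustration and do not reproduce the FC SP wire format.

```python
import hashlib
import hmac
import secrets

# Toy DH group constructed for this demo: 2**127 - 1 is prime but far too
# small for real use; deployments use large standardized groups.
P = 2**127 - 1
G = 3

def _h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts so field boundaries are unambiguous."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return digest.digest()

def _int_bytes(n: int) -> bytes:
    return n.to_bytes((P.bit_length() + 7) // 8, "big")

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return priv, pow(G, priv, P)

def _response(secret: bytes, challenge: bytes, shared: int) -> bytes:
    # The plain CHAP challenge is first mixed with the DH result, then hashed
    # with the pre-shared secret (assumed construction, see lead-in).
    augmented = _h(challenge, _int_bytes(shared))
    return _h(augmented, secret)

def respond(secret: bytes, challenge: bytes, auth_pub: int):
    """Responder side: returns (DH public value, response, derived key)."""
    priv, pub = dh_keypair()
    shared = pow(auth_pub, priv, P)
    return pub, _response(secret, challenge, shared), _h(b"session", _int_bytes(shared))

def verify(secret: bytes, challenge: bytes, auth_priv: int, resp_pub: int, response: bytes):
    """Authenticator side: returns (authenticated, derived key or None)."""
    if not 1 < resp_pub < P - 1:                 # reject degenerate DH values
        return False, None
    shared = pow(resp_pub, auth_priv, P)
    ok = hmac.compare_digest(_response(secret, challenge, shared), response)
    return ok, (_h(b"session", _int_bytes(shared)) if ok else None)

def run_exchange(auth_secret: bytes, resp_secret: bytes):
    """One full exchange; returns (authenticated, both sides hold the same key)."""
    challenge = secrets.token_bytes(16)
    auth_priv, auth_pub = dh_keypair()           # sent along with the challenge
    resp_pub, response, resp_key = respond(resp_secret, challenge, auth_pub)
    ok, auth_key = verify(auth_secret, challenge, auth_priv, resp_pub, response)
    return ok, ok and auth_key == resp_key
```

With matching secrets `run_exchange` authenticates and both sides derive the same key; with mismatched secrets the response check fails and no key is released.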

So what does it mean for an enterprise? The answer lies in your storage security policies. You should roll out security technologies according to your storage security needs. In terms of standards, the security protocols for Fibre Channel are being developed in the following order:

  • Storage authentication protocols to authenticate entities within storage networks
  • Details of protocols to provide confidentiality
  • Integrity of Fibre Channel data at frame level
