Manage Learn to apply best practices and optimize your operations.

Security and management networks, a dynamic duo

Security and management networks, a dynamic duo

Dr. Vijay Ahuja
Founder and President, Cipher Solutions Inc.
Dr. Vijay Ahuja is the president and founder of Cipher Solutions Inc., a professional services company that assists its clients in implementing storage security and offers customized seminars on storage and network security issues. Dr. Ahuja has been an industry leader in network security and more recently in storage security.

Security and management are commonly treated as secondary topics while implementing any IT solution. Storage networks are no exception. While there is a concerted effort underway to secure the storage networks, the security of managing storage networks is just starting. In most presentations I have made, a straw poll of the audience indicated that management networks are the most vulnerable part of the storage environment.

There are three types of components that participate in managing storage networks.

1. A management workstation
2. The management server
3. The management client residing in the managed storage entity

It is important to evaluate the security of management data while in store or in transit among the above three components.

There are multiple ways in which management data may be transported. It may be over a browser-based exchange, a client-server protocol, a command-line based exchange over TCP/IP or over SNMP.

Any browser-server-based exchange must use traditional security protocols such as SSL (Secure Sockets Layer) or TLS (Transport Layer Security). For a client-server model, the two endpoints should deploy a security scheme using access controls and encryption schemes. Alternatively, an SSL toolkit may be implemented that will present APIs to secure the traffic between the endpoints. For traffic using TCP/IP, SSH (Secure Shell) is a commonly available technology. SNMP was originally designed with little or no security. SNMP version 2 provides security, but has not been widely deployed by major vendors.

More importantly, it is critical that you implement appropriate policies and practices for your storage management network. For example, a storage management network should not be connected to other corporate LANs or management LANs. Any such access may compromise the security of your stored data. Storage networks may be managed by implementing either in-band or out-of-band scheme.

Finally, there is significant work underway at SNIA on an extensible interface for storage management. SNIA is working on SMI (Storage Management Initiative) is the storage piece of the CIM (Common Information Model). SMI security is being developed by SNIA.

Dig Deeper on Data storage strategy

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.