IP SAN security a matter of dedication: SAN's strength is also its weakness.


Last month, we shared a high-level look at some of the issues that exist for SANs based on Fibre Channel technology. But stopping there would only be telling half the story. SAN communications are moving to IP-based networks, making them vulnerable to many of the attacks made on corporate networks, such as spoofing, sniffing and denial of service attacks, and exposing them to untrusted networks and to basic physical security concerns (keypads, armed guards and the like). In both of these articles, it should be clear that the strength of the SAN in facilitating communications between many hosts and their stored data constitutes something of a weakness, too.

First, SAN devices should be physically secured. This was relatively simple to accomplish when SANs existed mainly in well-protected data centers. But as SANs grow more distributed and their devices sit in branch office closets, physical security is tougher to guarantee. Simply walking off with a few disk drives would cause terabytes of sensitive data to evaporate into the hands of either a professional thief or a disgruntled employee.

IP is easier to attack but also easier to monitor. One of the major issues introduced by running SANs over IP networks is the opportunity to sniff network traffic. Although it's possible to sniff a Fibre Channel network, it is much more difficult than sniffing an IP-based network. Therefore, IT managers should use existing technologies such as IPSec to encrypt SAN traffic and prevent unauthorized eavesdropping.

IP Security

IPSec is a standards suite developed by the IETF. When IPSec is built into IP security products and software, information that can be intercepted is enciphered. The standard includes protocols for authentication, integrity and privacy in large or small networks. It also secures communications at the network level rather than addressing the applications level. In this way, IPSec protects the network while being application-neutral.

Another critical aspect of SAN security is authorization and authentication, controlling who has access to what within the SAN. Currently, the level of authentication and authorization for SANs is not as detailed and granular as it should be. Most security relies on measures implemented at the application level of the program requesting the data, not at the storage device, which leaves the physical device vulnerable.

However, using security protocols like public or private key exchanges or Kerberos, transactions can take place only between included parties. This guarantees that the data is received from a trusted source. The public/private key infrastructure uses two keys to encrypt and decrypt. Encoding is accomplished with the public key, and decoding is done with the private key.
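To make the two key roles concrete, here is an added example that is not the article's code: textbook RSA with constructed, toy-sized primes. It shows encoding with the public key and decoding with the private key, and goes one step beyond the text to show where the "trusted source" guarantee actually comes from, namely a signature made with the private key and checked with the public key. The primes, the message and the function names are all assumptions for illustration; the parameters are far too small for real use.

```python
# Added example, not the article's code: textbook RSA with constructed, toy-sized primes to
# show the two key roles the article describes (encode with the public key, decode with the
# private key) and, going one step further than the text, why the "trusted source" guarantee
# comes from a signature made with the private key. The parameters are far too small for
# real use; they only make the mechanics visible. Python 3.8+ for pow(e, -1, phi).
import hashlib

# Constructed primes for illustration only (104729 and 1299709 are known primes).
P, Q = 104729, 1299709


def make_keypair(p: int = P, q: int = Q, e: int = 65537):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: modular inverse of e
    return (n, e), (n, d)


def encrypt(public_key, plaintext: bytes) -> int:
    """Anyone holding the public key can encrypt; plaintext must encode below n."""
    n, e = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("message too large for this toy modulus")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    """Only the private key holder can decrypt."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest_mod_n(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """The sender proves origin by signing a hash with the private key."""
    n, d = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """The receiver checks the signature with the sender's public key."""
    n, e = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


def round_trip(plaintext: bytes = b"LUN0") -> dict:
    """Encrypt/decrypt and sign/verify with one key pair, plus a tampered-message check."""
    public, private = make_keypair()
    ct = encrypt(public, plaintext)
    sig = sign(private, plaintext)
    return {
        "decrypted": decrypt(private, ct),
        "verified": verify(public, plaintext, sig),
        "tampered_verified": verify(public, plaintext + b"!", sig),
    }


if __name__ == "__main__":
    print(round_trip())
```

The point for a SAN operator is the split of roles: the public key can be handed to every host, but only the holder of the private key can decrypt what was sent to it or produce a signature that verifies, which is what lets a storage device tell a legitimate request from a forged one.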

One popular way to implement authorization on a SAN is zoning, which is similar to network VLANs (virtual LANs), segmenting networks and controlling which storage devices can be accessed by which servers. With zoning, an IP switch can be configured to say, "Server A can only communicate with Storage Device X." Although this provides one layer of security, it does not give any granular control over data access. Administrators have no way of knowing whether the data request coming from Server A is legitimate.

LUN masking is a popular form of LUN security. The approach creates a buffer that blocks the LUN from answering a SCSI Inquiry command. The LUN is still there and available. You can write to it if you like.
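The zoning and LUN masking paragraphs above describe two layers with different strengths, and the caveat that a masked LUN is still writable is the one a practitioner most wants to see. The following is an added simulation, not code from the article or from any storage vendor: switch-level zoning decides which targets an initiator can reach at all, target-level masking decides which LUNs it is shown, and the target can either apply the mask only to Inquiry (hiding the LUN) or to every command (enforcing it). Initiator, target, zone and LUN names are constructed.

```python
# Added example, not from the article: a simulation of switch zoning and target-level
# LUN masking on an IP SAN. It models the article's caveat that masking only stops a LUN
# from answering SCSI Inquiry; the LUN stays writable unless the target enforces the
# mask on every command. All initiator, target, zone and LUN names are constructed.
from dataclasses import dataclass, field

# Switch-level zoning (constructed): which targets an initiator may reach at all.
ZONES = {
    "server-a": {"storage-x"},
    "server-b": {"storage-x", "storage-y"},
}

# Target-level LUN masks (constructed): which LUNs an initiator may see on a target.
MASKS = {
    ("server-a", "storage-x"): {0},
    ("server-b", "storage-x"): {0, 1},
    ("server-b", "storage-y"): {0},
}


def zoned(initiator: str, target: str) -> bool:
    """Zoning check, as a switch would apply it before any SCSI traffic flows."""
    return target in ZONES.get(initiator, set())


def visible(initiator: str, target: str, lun: int) -> bool:
    """LUN mask check."""
    return lun in MASKS.get((initiator, target), set())


@dataclass
class Target:
    name: str
    luns: dict = field(default_factory=dict)   # LUN id -> bytearray holding its data
    enforce_mask_on_io: bool = False           # False = mask only hides from Inquiry
    audit: list = field(default_factory=list)  # events a defender would want logged

    def inquiry(self, initiator: str, lun: int) -> str:
        """SCSI Inquiry: a masked LUN answers as if it did not exist."""
        if not zoned(initiator, self.name):
            return "no-path"
        if lun not in self.luns or not visible(initiator, self.name, lun):
            return "lun-not-present"
        return "present"

    def write(self, initiator: str, lun: int, data: bytes) -> str:
        """SCSI Write. Masking alone does not stop this; enforcement must be explicit."""
        if not zoned(initiator, self.name):
            return "no-path"
        if lun not in self.luns:
            return "lun-not-present"
        if not visible(initiator, self.name, lun):
            # Record it either way: a write to a LUN the initiator was never shown
            # is the signal a SAN administrator should be alerting on.
            self.audit.append(f"{initiator} wrote to masked {self.name} LUN {lun}")
            if self.enforce_mask_on_io:
                return "denied"
        self.luns[lun].extend(data)
        return "ok"


def probe(enforce_mask_on_io: bool) -> dict:
    """What server-a can do against storage-x LUN 1 (masked from it) and storage-y (not zoned)."""
    x = Target("storage-x", {0: bytearray(), 1: bytearray()}, enforce_mask_on_io)
    y = Target("storage-y", {0: bytearray()}, enforce_mask_on_io)
    return {
        "inquiry": x.inquiry("server-a", 1),
        "write": x.write("server-a", 1, b"rogue"),
        "lun1_data": bytes(x.luns[1]),
        "audit_events": len(x.audit),
        "unzoned_write": y.write("server-a", 0, b"rogue"),
    }


if __name__ == "__main__":
    print("mask hides only:", probe(False))
    print("mask enforced:  ", probe(True))
```

With `enforce_mask_on_io=False` the Inquiry reports the LUN as absent yet the write lands, which is exactly the gap the article points at; with it set to `True` the same mask is applied to the write as well. In both modes the target records the attempt, since a host addressing a LUN it was never shown is worth an alert regardless of whether the write succeeded.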

Interoperability

The lack of interoperability among storage devices also creates security problems. Each vendor designs its own technology and architecture, which makes communication between devices difficult, if not impossible. Led by the Storage Networking Industry Association (SNIA), standards are under development to improve the interoperability and security of storage networks.

SAN security is increasingly important to IT leaders, especially as they begin to deploy global storage networks. Users are looking to IP SANs to act as a relief to the pressure that enterprises, SMEs and SMBs face. But security is very much a discipline that requires regular follow-through and sensible attention. Playing a blame game once data has been stolen will not bring that data back into the right hands.

Protecting data at rest through encryption from companies ranging from NeoScale to Vormetrics might bring a latency to the SAN; but the user must weigh the alternative ... insecure data. Protecting data in transit with an IPSec solution or a VPN-style solution presents similar alternatives. Finally, such disciplines as physical security and password administration (see February CTR) are necessary for FC or IP SANs.

www.IETF.org
COPYRIGHT 2004 West World Productions, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2004, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Title Annotation:Disaster Recovery & Backup/Restore; Intenet Protocol Storage Area Networks
Author:Ferelli, Mark
Publication:Computer Technology Review
Geographic Code:1USA
Date:Mar 1, 2004
Words:736