If a SAN is not properly configured and protected, it exposes data to a long list of threats: denial-of-service...
attacks, unauthorized access, data theft, and corruption. Most experts will put the threat of insiders –- malicious or otherwise –- at the top of this list. While most organizations concentrate solely on controlling user access to the data stored in their SAN, you must also look at all aspects of the security covering administrative access to the arrays.
Start by looking at your recruitment procedures for admin staff. To reduce the chances of a malicious insider, work closely with the HR department to ensure employees with access to sensitive SAN data are thoroughly vetted, and termination of employment procedures include removal of network and building-access rights. All administrators should be trained on storage security issues specific to SANs and be fully conversant with your SAN security policies and procedures. These must include robust logging and change-management processes. Role-based access control (RBAC) is essential to ensure separation of duties so a single administrator cannot subvert your policies and procedures.
To limit the possibility of an administrator having read or write access to data held in the SAN, limit what storage can be accessed by his or her computer. The two most common methods of doing this are zoning and logical unit number (LUN) masking. Zones are similar to VLANs in data networking in the way they establish a virtual SAN within a SAN. LUN Masking restricts access even further to specific logical storage units. For each server connected to the SAN, LUN masking effectively masks off the LUNs that are not assigned to the server, allowing only the assigned LUNs to appear to the server's operating system.
Further protection can be provided by encrypting data stored in the SAN. All management interfaces, such as the communication channel between SAN management consoles and the target fabric being managed, must be secure to prevent any type of attacker from using a management tool to access a SAN. For array management, you can use a direct serial connection with a physical Fibre Channel connection to the controller which is more secure than a TCP/IP-based LAN connection.
The security of administrative access must also include physical security. The SAN should be located in a closed, physically secure environment isolated from the LAN (and the rest of the outside world, for that matter). This, in itself, will not thwart malicious insiders. Also focus on monitoring, access controls and logging mechanisms to limit the opportunities available to anyone trying to access the physical SAN systems or its management interfaces.
Some of the controls to consider should include:
- Electronic access card
- Biometric authentication
- Surveillance cameras
- Piggyback prevention
- Alarm system for fire, flood, and break-in
- Individually locked racks
- Separate racks with physical separation for dual fabrics
The benefits of a SAN include improved performance, accessibility, lower cost of ownership, and better management of organization data, and you are taking the right approach by assessing all the possible risks and attack vectors to which this central data store is vulnerable.
Related Q&A from Michael Cobb
Expert Michael Cobb explains how an HTTP referer header affects user privacy and outlines changes that can be made to ensure sensitive data is not ...continue reading
Expert Michael Cobb explains the difference between the REESSE3+ and IDEA block ciphers and explores when each is applicable in an enterprise setting.continue reading
While cookies are critical to delivering personalized Web content, they are a privacy concern. Learn how adding Bloom filters to cookies can help ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.