The data managed in your Storage Area Network (SAN) is highly sensitive and must be controlled to properly ensure confidentiality, integrity, and availability. This is no different than other IT infrastructures. In fact, you can simply augment your current corporate security policy to include SAN-specific security items.
POTENTIAL SECURITY THREATS
There are different ways, both intentional and accidental, in which SAN integrity can be compromised. Some potential threats to SANs include:
Inappropriate Access to SAN configurations
- Changes to zoning information allowing access to storage and read/write access to data
- Changes to security and access control policies allowing unauthorized servers or switches to gain access to the SAN
- Exposed network administration passwords allowing unintended individuals to access the SAN in the role of administrator
Inappropriate Use of Resources
- Denial of Service (DoS) attacks
- Using a compromised dual-homed host with a Host Bus Adapter (HBA) to read, store, or distribute SAN files
PROACTIVE SECURITY MEASURES
It's important to take proactive steps in securing your SAN to prevent misuse or abuse. Your comprehensive security policy should include:
- Zoning
- Secure fabric operating system
Zoning
Zoning is a highly recommended feature offered by some, but not all, switch vendors. It allows you to automatically or dynamically arrange fabric-connected devices into logical groups (zones) across the physical configuration of the fabric. These zones can include selected storage, servers, and workstations within a fabric. Information access is restricted to only the "member" devices in the defined zone. Although zone members can access only other members in their zones, individual devices can be members of more than one zone. This approach enables the secure sharing of your storage resources, a primary benefit of storage networks. In addition to improving security, zoning can also help you simplify management of heterogeneous fabrics, maximize storage resources, and segregate storage traffic.
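The zone-membership rule described above can also be used to audit for the "changes to zoning information" threat. The following is an added example, not vendor code or part of the original article: it derives which device pairs can communicate from a zone configuration and reports access paths that appeared or disappeared relative to an approved baseline. The zone names, device aliases, and function names are constructed for illustration.

```python
from itertools import combinations

def reachable_pairs(zones):
    """Return every device pair that shares at least one zone."""
    pairs = set()
    for members in zones.values():
        # Devices can talk only to other members of the same zone.
        pairs.update(combinations(sorted(set(members)), 2))
    return pairs

def can_access(zones, a, b):
    """True if devices a and b are members of a common zone."""
    return tuple(sorted((a, b))) in reachable_pairs(zones)

def zoning_drift(baseline, current):
    """Compare configurations; return (added_pairs, removed_pairs)."""
    before = reachable_pairs(baseline)
    after = reachable_pairs(current)
    return sorted(after - before), sorted(before - after)

# Constructed sample data: the approved baseline. The array port is
# deliberately a member of two zones, which zoning permits.
BASELINE = {
    "zone_db": ["host_db1", "array_a_port0"],
    "zone_backup": ["host_backup", "array_a_port0", "tape_lib"],
}

# Constructed sample data: the running configuration, in which an
# unapproved host has been added to the database zone.
CURRENT = {
    "zone_db": ["host_db1", "array_a_port0", "host_unknown"],
    "zone_backup": ["host_backup", "array_a_port0", "tape_lib"],
}

if __name__ == "__main__":
    added, removed = zoning_drift(BASELINE, CURRENT)
    for a, b in added:
        print(f"NEW ACCESS PATH: {a} <-> {b}")
    for a, b in removed:
        print(f"REMOVED ACCESS PATH: {a} <-> {b}")
```

Run against configurations exported from the switch at regular intervals, a non-empty list of new access paths is a prompt to check the change against an approved change request.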
Secure Fabric Operating Systems
A secure fabric operating system is a complementary feature to zoning and is offered by only some switch vendors. Secure fabric operating systems run on SAN infrastructures, and offer policy-based security. These policies allow you to customize security uniquely to your needs. Secure fabric operating systems help block unauthorized fabric-wide management changes and fabric setting changes, help control server-to-fabric connections, prevent users from arbitrarily adding switches to a fabric, and protect communication between switches and management consoles.