Networking

01:00 AM
Connect Directly
RSS
E-Mail
50%
50%

How Secure Is Your SAN?

Storage devices that are directly attached and dedicated to a specific server--and therefore easily secured--are rapidly giving way to shared networked storage topologies that introduce new security exposures.

With all they've got to worry about these days, most IT executives don't lose a lot of sleep over whether the data stored on their companies' tape and disk devices is secure. Most have come to believe that data, particularly mission-critical data residing in the corporate data center, is capably guarded by the usual protections such as firewalls, user authentication, and intrusion-detection systems.

That confidence, however, may be about to evaporate. That's because, at most enterprises, storage devices that are directly attached and dedicated to a specific server--and therefore easily secured--are rapidly giving way to shared networked storage topologies that introduce new security exposures. As much as 70% of enterprise storage will be networked in the form of either Fibre Channel-based storage area networks or network-attached storage devices by 2006, according to Nancy Marrone, senior analyst with the Enterprise Storage Group.

SANs are rapidly gaining ground in the enterprise because it can be easier and less expensive to manage a network of storage devices that are shared by many servers than hundreds or even thousands of disk subsystems attached to individual servers.

But the same things that make SANs cheaper and easier to manage also make them potentially more vulnerable to security breakdowns. Unlike traditional direct-attached storage devices, SANs are accessed by many servers, often running different operating systems. That means it's difficult for SANs to rely on any one host's operating system for security. Also, SANs are typically comprised of many more elements such as storage arrays, switches, directors, host-bus adapters, and management consoles, to name just a few. More elements attempting to access any shared resource over a network usually increases the opportunity for security breaches. An attacker, for example, could mount a denial-of-service attack on a SAN by issuing repeated log-in requests or gaining unauthorized access to combine SAN fabrics in a way that increases inefficiencies and decreases performance. Or an attacker could gain access to key data assets by spoofing, for example, a management interface address. Stored data is particularly vulnerable to this type of attack, experts say, because it is rarely encrypted as it sits on the disk or tape medium. Once a hacker gains unauthorized access to stored data, it's generally easy for the intruder to read, copy, and reuse it.

Such storage security vulnerabilities will multiply as enterprises begin to integrate their Fibre Channel SAN and NAS networks with more easily-accessed IP networks via gateways or the new Internet Small Computer System Interface, a protocol for IP-based storage. While host-bus adapters and other gear using the iSCSI protocol are just beginning to appear, IP-based storage is expected to become more popular, particularly for disaster recovery and remote back-up applications.

Previous
1 of 10
Next
Comment  | 
Print  | 
More Insights
Cartoon
Slideshows
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Video
Twitter Feed