In the absence of comprehensive storage-security solutions and cross-platform storage-security standards, where should IT managers focus first? Experts say there are three points in the typical networked storage topology that today pose the most significant potential security vulnerabilities. IT managers interested in shoring up storage security should begin by understanding these vulnerabilities, assessing whether their current vendors have or will have fixes and, if necessary, looking for alternative security solutions.
The three top storage security vulnerabilities are:
1. Insecure management interfaces
Networked-storage equipment vendors are beginning to build stronger authentication technologies into their systems so that, for example, a SAN switch can confirm that a given server should have access to a storage array. Many, however, have yet to provide the same protections to the interfaces used by software-management tools and consoles. Add to that the fact that many vendors allow management tools to access SAN storage devices via LAN or IP connections--not the more isolated SAN Fibre Channel connections--and the result, say experts, is a security breach waiting to happen.
"These management ports are generally made to provide relatively easy administrator access to networked storage devices, and that's just what makes them dangerous from a security point of view," says Alan Paller, director of research at the SANS Institute, a security education and research organization. "Many of these management ports allow dial-up access and use anonymous File Transfer Protocol or even no password protection. It's a big concern."