Security Spotlight Shines on SANs

In insecure times, security threats seem to be everywhere, and heightened security awareness is rampant. While SAN technology's rudimentary security managed to avoid scrutiny in its early days, it too is now coming under the security spotlight. What security threats exist today for storage area networks, and how can you protect your SANs from them?


You Can't Detect What You Can't See: Illuminating the Entire Kill Chain

On-Demand Webinar

(Page 1 of 4)

In insecure times, security threats seem to be everywhere. When even little old ladies are made to take off their shoes for the airport x-ray machines, you know that everyone is a suspect until proven otherwise. SAN technology, which in its early career avoided strip searches before entering the data center, is also now coming under the security spotlight. As one SAN security vendor, NeoScale Systems, proclaims, "Availability Means Risk." The fact that a storage area network facilitates availability of shared storage assets therefore makes SANs inherently insecure and a potential target of the Evil-Doers (whomever they may be).

As with most corporate networks, though, the main security threat is not from external malefactors, but from internal sources -- bored or disgruntled employees, or simply the innocent administrator who inadvertently enables unauthorized access to departmental data. Because SANs create a neighborhood in which vital corporate data resides, a secure SAN should be a gated community with restricted and verifiable access. In practice, though, few companies implement anything more than simple physical isolation to safeguard their SANs. A SAN sitting behind the coded lock of a data center door may enjoy some protection from curious passersby, but it's still exposed to security breaches or disruption by anyone who knows which buttons to push.

In addition, not everything stays within the data center. Traditional tape vaulting, for example, regularly transports terabytes of corporate information assets across public roads in the questionable security of a van or truck. The local area network used for SAN management may likewise exit the data center and attach to the corporate LAN and WAN. In the latter case, while it might not be possible for someone outside the data center to access storage data directly, the possibility certainly exists to use management to rezone server/storage assignments and provide a path to otherwise restricted data, or to execute a denial of service attack by resetting SAN switches.

Page 2: Rudimentary Security Opens Door for SAN Security Breaches

Page 1 of 4

1 2 3 4
Next Page

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.