
The Role Of SAN Security In Storage Operations Management

By: Creekpath
Published: Dec 20, 2005
Length: 6
Type: White Paper
Overview:

An effective storage management solution must consider the role of SAN security in ensuring network and data integrity. When Direct Attached Storage (DAS) was the majority of storage, security was not an issue. By preventing access to the server you could stop access to the server-owned storage resources of disk and tape.

Unlike DAS, Storage Area Networks (SANs) allow multiple access points. Holes in SAN security practices can threaten data integrity and system availability. Download this white paper to learn more.

Related categories: Data Protection, Security Management, Storage Management

SAN Security:

The Role of SAN Security in Storage Operations Management

An effective storage management solution must consider the role of security in ensuring network and data integrity. When Direct Attached Storage (DAS) was the majority of storage, security was not an issue. By preventing access to the server you could stop access to the server-owned storage resources of disk and tape. Unlike DAS, Storage Area Networks (SANs) allow multiple access points. Holes in SAN security practices can threaten data integrity and system availability.

An effective storage area network security management solution should implement security practices for:

- Storage array volume access control
- Volume access control on the host
- Device configuration access control
- Storage management software access
- Proactive detection and notification of access violations, auditing and logging

Three methods of SAN security for storage access control segregate the I/O path to prevent incompatible systems from accessing another system's storage. A well designed storage management solution should automate the configuration of your SAN to enforce the best security methods. The three methods are:

1. Switch or fabric-based zoning
2. LUN management and port zoning at the storage subsystem
3. LUN masking at the server

Switch or fabric-based zoning

The Fibre Channel standard governing SAN security products is wide open by default. Application servers are potentially aware of all SAN devices, with unrestricted access to any disk. Zoning is a switch function that addresses this problem by creating a logical, closed path from the host server to the storage array. Devices can be restricted to single zones or shared zones. For example, a server may be in one zone with a RAID and share a second zone with a tape library. A well designed storage operations management solution should allow you to define, by policy, which zone a given application's volume or database belongs to, so that security is enforced automatically.

As the complexity of your fabric(s) grows, ensuring that your zoning policies are enforced becomes a difficult manual task. This task becomes even more exasperating if you add different manufacturers' switches and/or directors, which results in multiple user interfaces. Even different models from the same manufacturer may have a different user interface. A well-designed storage management solution should provide one common interface for defining all fabric zoning. Furthermore, an effective solution should allow you to define by policy which zone an application or server should belong to, and should automate the provisioning and set-up of the fabric.

The choices for SAN security and storage access control are further complicated because there are two methods of switched zoning: zoning that is implemented in the switch hardware, known as hard zoning, and zoning that is implemented in the switch software, known as soft zoning. Hard zoning works in one of two ways: by linking physical ports in the fabric (port zoning), or by using the World Wide Name (WWN) that identifies each SAN device. Of the two hard zoning techniques, port zoning is easier but less flexible. On the other hand, a WWN can be spoofed, allowing a rogue device onto the network.

Soft zoning uses the switch's name server database, which stores WWNs and port numbers. It's a flexible zoning method, but there's a risk that certain operating systems will allow the host to connect directly to the storage device without consulting the database.

There is a potential SAN security risk with soft zoning: an intruder who spoofs frame addresses may be able to infiltrate switch zones by trying various source and destination combinations until successful. In addition, such a process may overload the switch with excessive requests, resulting in a denial of service. Note that the risk is somewhat mitigated by the fact that the storage network is usually behind a firewall and the servers are in a physically secure data center.
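The paper argues that zoning policy should be defined centrally and enforced automatically, and that an unknown WWN in the fabric may be a spoofed or rogue device. The following is an added example, not code from the Creekpath paper, that audits a WWN-zoned fabric's active zone set against a host-to-storage policy and a device inventory; every WWN, device name and zone below is constructed, and a real audit would read the zone set from the switches rather than from a literal.

```python
# Added example, not the paper's own code: audit a fabric's active zone set
# against a zoning policy and a WWN inventory. All data is constructed; a
# real audit would read the zone set from the switches instead.

INVENTORY = {  # constructed: WWN -> (device name, role)
    "10:00:00:00:c9:11:11:11": ("app-srv-01", "host"),
    "10:00:00:00:c9:22:22:22": ("db-srv-02", "host"),
    "50:06:01:60:3b:a0:aa:aa": ("raid-array-a", "storage"),
    "50:06:01:60:3b:a0:bb:bb": ("raid-array-b", "storage"),
    "50:05:07:63:00:c0:cc:cc": ("tape-lib-1", "storage"),
}
POLICY = {  # constructed: storage each host is allowed to reach
    "app-srv-01": {"raid-array-a", "tape-lib-1"},
    "db-srv-02": {"raid-array-b"},
}
ACTIVE_ZONES = {  # constructed WWN zoning; two zones are deliberately wrong
    "z_app01_raidA": {"10:00:00:00:c9:11:11:11", "50:06:01:60:3b:a0:aa:aa"},
    "z_app01_tape": {"10:00:00:00:c9:11:11:11", "50:05:07:63:00:c0:cc:cc"},
    "z_db02_raidB": {"10:00:00:00:c9:22:22:22", "50:06:01:60:3b:a0:bb:bb",
                     "50:06:01:60:3b:a0:aa:aa"},  # array A leaked into the db zone
    "z_stale": {"10:00:00:00:c9:22:22:22", "21:00:00:e0:8b:00:00:01"},  # unknown WWN
}


def audit_zones(zones, inventory, policy):
    """Return a list of (severity, message) findings, in zone order."""
    findings = []
    for zone, members in zones.items():
        hosts, storage = [], []
        for wwn in sorted(members):
            if wwn not in inventory:
                # Stale zoning or a rogue device: either way it must not be zoned in.
                findings.append(("HIGH", f"{zone}: unknown WWN {wwn} in active zone"))
                continue
            name, role = inventory[wwn]
            (hosts if role == "host" else storage).append(name)
        for host in hosts:
            for dev in storage:
                if dev not in policy.get(host, set()):
                    findings.append(("HIGH", f"{zone}: {host} can reach {dev}, not in policy"))
        if len(hosts) > 1:  # hosts zoned together see each other; prefer single-initiator zones
            findings.append(("MEDIUM", f"{zone}: {len(hosts)} hosts share one zone"))
    return findings


def is_compliant(zones, inventory, policy):
    """True when the active zone set matches policy and inventory exactly."""
    return not audit_zones(zones, inventory, policy)
```

Run `audit_zones(ACTIVE_ZONES, INVENTORY, POLICY)` to list the two deliberate defects; feeding the same function each switch's live zone set on a schedule gives the proactive detection and logging the paper lists among the required practices.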
