SAN security


The ability to identify the points of vulnerability and implement a reliable security solution is the key to securing a SAN fabric infrastructure.

Following are the main key area of security:
  1. SAN management access : Secure access to management services.
  2. Fabric access : Secure device access to fabric access.
  3. Target access : Secure access to targets.
  4. SAN protocol : Secure switch to switch communication protocol.
  5. Data integrity and secrecy : Encryption of data at transit and at receiver
Threats to physical components of SAN:
  1. WWN spoofing of hosts and storage devices.
  2. Unauthorized devices attacking the fabric.
  3. Unauthorized switches attacking the fabric.
Threats to logical components:
  1. Unauthorized usage of SAN management access methods(Telnet, API etc)
  2. Critical information theft.
  3. Denial of service attacks
  4. Replay attacks
SAN limitations :

1. SANs are very expensive as Fibre channel technology tends to be pricier and maintenance requires a higher degree of skill.

2. Leveraging of existing technology investments tends to be much difficult. Though SAN facilitates to make use of already existing legacy storage, lack of SAN-building skills has greatly diminished deployment of homegrown SANs. So currently pre-packaged SANs based on Fibre channel technology are being used among the enterprises.
3. Management of SAN systems has proved to be a real tough one due to various reasons. Also for some, having a SAN storage facility seems to be wasteful one.
4. Also, there are a few SAN product vendors due to its very high price and very few mega enterprises need SAN set up.