The ability to identify the points of vulnerability and implement a reliable security solution is the key to securing a SAN fabric infrastructure.
Following are the main key area of security:
- SAN management access : Secure access to management services.
- Fabric access : Secure device access to fabric access.
- Target access : Secure access to targets.
- SAN protocol : Secure switch to switch communication protocol.
- Data integrity and secrecy : Encryption of data at transit and at receiver
Threats to physical components of SAN:
- WWN spoofing of hosts and storage devices.
- Unauthorized devices attacking the fabric.
- Unauthorized switches attacking the fabric.
Threats to logical components:
- Unauthorized usage of SAN management access methods(Telnet, API etc)
- Critical information theft.
- Denial of service attacks
- Replay attacks
SAN limitations :
1. SANs are very expensive as Fibre channel technology tends to be pricier and maintenance requires a higher degree of skill.
2. Leveraging of existing technology investments tends to be much difficult. Though SAN facilitates to make use of already existing legacy storage, lack of SAN-building skills has greatly diminished deployment of homegrown SANs. So currently pre-packaged SANs based on Fibre channel technology are being used among the enterprises.
3. Management of SAN systems has proved to be a real tough one due to various reasons. Also for some, having a SAN storage facility seems to be wasteful one.
4. Also, there are a few SAN product vendors due to its very high price and very few mega enterprises need SAN set up.