Security Spotlight Shines on SANs: Page 2
Rudimentary Security Opens Door for SAN Security Breaches
Unlike conventional IP networking security issues, security breaches in a SAN can have a permanent and devastating effect. Corruption of current data on disk or tape is absolute and recoverable only to the latest snapshot or backup version. For the highest degree of data integrity, synchronous data replication at least ensures that a current copy of real-time data is secured elsewhere.
But even synchronous copy cannot protect against all deliberate or inadvertent intrusions. At one company, for example, an administrator swapped a blank disk drive into a primary array, thinking he was actually swapping it into the secondary mirror. As a consequence, current data on the secondary was deleted. The array itself provided no safeguards to prevent this inadvertent action.
To date, SAN vendors have provided only rudimentary options for safeguarding storage access. LUN masking and zoning are commonly used to ensure that only authorized servers have access to designated storage arrays. Both parameters, however, can be changed via the management interface, creating an opportunity for reassignment from an authorized server to an unauthorized server or workstation. Access Control Lists (ACLs) are another option for providing rudimentary verification, and prevent, for example, a newly introduced server from automatically logging on to the SAN fabric.
These frontline defenses are primarily aimed at circumventing administrative errors, but cannot withstand deliberate attempts to bypass authorized configurations. Management interfaces may be password protected, but once the password is cracked, a management utility, which is typically intuitive by design and offers online help, could be deciphered even by the uninitiated.