The more valuable the data is to an organisation, the lower the risk that organisation can tolerate. As the value of data to businesses increases, so will the importance we place on security. Globalisation has a multiplying effect; the volume of data and that data’s value are growing at the same time the range of potential threats is increasing.
As we dive into these topics, it is worth pointing out that although SAN security focuses on issues specific to the storage industry, it follows the same established principles found in all modern IT security. It involves continual evaluation of an environment’s current state of security in light of the constant changes brought about by innovations in technology and an increase in awareness concerning security issues. As a result, your SAN security strategy must be integrated with your overall IT security, which must address all possible threats facing data within a SAN environment.
So what are the key threats that ought to be on the radar of all IT organisations? Interestingly, many think that the primary focus should be on guarding against sophisticated hackers who intend to destroy or steal data. But in reality, most IT security threats originate from inside an organisation.
With this in mind, organisations should first identify the threats most likely to be exploited within their own environments and implement the appropriate countermeasures to mitigate the associated risks of each potential threat. In a SAN environment, the most vulnerable points of exposure usually involve the people who manage the SAN and the management interfaces linked to the infrastructure hardware. Outsider attacks typically target the management interfaces since they use the TCP/IP protocol, which has global reach and is well known to hackers.
Before we address specific threat categories, we should address the basics. The first line of defense in protecting SAN data and devices from potential threats is physical security. Organisations should physically lock buildings, then restrict and monitor access to datacentres and even racks within the datacentre. Guards, cameras, bio-identification, motion sensors, infrared sensors, door sensors, and other monitors can track who has physical access to IT devices at any given time. Robust physical security is a basic essential for data security, and offers benefits for system availability and change control procedures as well. Be sure that physical security is well-addressed in your environment.
Once physical security is taken care of, most security threats regarding SAN environments fall into three categories:
Malicious insider threats
Non-malicious insider threats
Malicious outsider threats
Malicious insider threats will typically involve employees or contractors who have something to gain from exploiting a weakness in the system. These threats are challenging to manage and control since they involve people who have legitimate access to the affected systems. The key to mitigating risks from this type of threat is to limit the privileges a specific individual has and to distribute workload and responsibilities among multiple administrators. In the event that a security incident occurs, it is also important to have a proper incident response procedure in place, with clear methods to track administrator activities and provide evidence for any potential criminal or civil investigation.
Key ways in which organisations can prevent malicious attacks of this type include limiting administrator responsibilities and tracking activity person by person. Do this by assigning individual user names to SAN administrators and avoiding a single “admin” account that is shared by several individuals. Tracking SAN administrator activities and maintaining logs for security-related events is another useful way to safeguard against potential threats.
In the event of an incident, these activity records can be synchronised with system logs and readily analysed for suspicious or ill-advised behaviour. A further recommendation is to isolate particularly sensitive environments by completely segregating the most security-sensitive environments from other systems. This method is particularly recommended for government agencies and commercial projects requiring the highest level of confidentiality.
Moving on, non-malicious insider threats are probably the most common cause of service disruptions within a SAN. Several factors contribute to this problem, including lack of knowledge and training, poorly documented or non-existent operational procedures, a bypass of operational procedures, fatigue caused by long or night-time working hours, misidentification of hardware, and simple human error. Key to minimising the risks of this type of threat is to develop solid, well-documented operational procedures and restrict administrator privileges to only the tasks that are required for a particular administrator’s job functions.
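The person-by-person tracking and log review described above, as an added example that is not part of the original article or any vendor's tooling: it parses constructed audit-log lines in an assumed syslog-like format, counts actions per named administrator, and flags two things a reviewer would want to see, namely activity performed through a shared generic account (which cannot be attributed to a person) and security-relevant changes made by accounts outside an approved list. The log format, switch names, account names and policy sets are all assumptions.

```python
"""Added example (not from the original article): attribute SAN switch audit
events to named administrators and flag unattributable or unapproved activity.
Log format, hostnames, user names and policy sets are assumptions."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in an assumed format:
# "<timestamp> <switch> AUDIT user=<name> src=<ip> action=<verb> [target=<object>]"
SAMPLE_LOG = """\
2024-03-01T02:14:07Z san-sw01 AUDIT user=admin src=10.10.5.23 action=login
2024-03-01T02:14:31Z san-sw01 AUDIT user=admin src=10.10.5.23 action=zone_modify target=zone_db_prod
2024-03-01T09:02:10Z san-sw01 AUDIT user=jsmith src=10.10.5.40 action=login
2024-03-01T09:05:44Z san-sw01 AUDIT user=jsmith src=10.10.5.40 action=show_config
2024-03-01T09:40:02Z san-sw02 AUDIT user=akhan src=10.10.5.41 action=login
2024-03-01T09:41:15Z san-sw02 AUDIT user=akhan src=10.10.5.41 action=zone_modify target=zone_app_test
2024-03-01T22:55:09Z san-sw02 AUDIT user=root src=10.10.5.99 action=login
"""

# Assumed policy inputs (constructed for this example).
SHARED_ACCOUNTS = {"admin", "root"}      # generic accounts that cannot be tied to one person
CHANGE_APPROVED = {"akhan"}              # named users allowed to make security-relevant changes
SECURITY_ACTIONS = {"zone_modify", "user_add", "password_change"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<switch>\S+) AUDIT user=(?P<user>\S+) src=(?P<src>\S+) "
    r"action=(?P<action>\S+)(?: target=(?P<target>\S+))?$"
)


def parse_audit_log(text):
    """Return one dict per well-formed line; malformed lines are skipped, never guessed."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def activity_by_user(events):
    """Per-user action counts: the 'person by person' view the article asks for."""
    counts = defaultdict(int)
    for ev in events:
        counts[ev["user"]] += 1
    return dict(counts)


def find_findings(events):
    """Flag events that break the attribution or least-privilege policy above.
    Each finding is (kind, timestamp, switch, user, action)."""
    findings = []
    for ev in events:
        if ev["user"] in SHARED_ACCOUNTS:
            findings.append(("shared_account", ev["ts"], ev["switch"], ev["user"], ev["action"]))
        if ev["action"] in SECURITY_ACTIONS and ev["user"] not in CHANGE_APPROVED:
            findings.append(("unapproved_change", ev["ts"], ev["switch"], ev["user"], ev["action"]))
    return findings


if __name__ == "__main__":
    evs = parse_audit_log(SAMPLE_LOG)
    print("actions per user:", activity_by_user(evs))
    for f in find_findings(evs):
        print("FINDING", *f)
```

The shared-account rule is the interesting one: a zoning change made through “admin” shows up twice (once because the account is shared, once because “admin” is not an approved changer), which is exactly the gap that individual user names close.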
Providing full administrative authority for administrators who do not need that level of access exposes the organisation to accidental or malicious attacks that can cause unnecessary downtime or data loss. Organisations should therefore avoid granting additional privileges where they are not required. The fact that a person may be a trusted, long-term, or favoured administrator is not justification for granting unneeded administrative rights. We want all our administrators to be trusted, but we must also constrain privileges where possible.
When it comes to the external threats, the greatest potential points of exploitation in a SAN are the management interfaces: entry points that outside attackers typically attempt to infiltrate.
It is a given that organisations should employ reliable overall IP network security to isolate the management interfaces and ensure that they are accessible only to the appropriate staff on the IP network. Outside attackers often start by attempting to discover the SAN switch devices on the IP network. Organisations can minimise this exposure by disabling any unused management interfaces or protocols, such as telnet, SNMP, or HTTP.
If an attacker does know the IP address of a SAN switch, the user authentication process or login is the next line of defence. As always, organisations should modify the well-known default passwords for all of these accounts, and it is worth double checking to ensure that your organisation is handling this correctly. Keeping default passwords, changing the default passwords only slightly, and using easy-to-discover passwords constitute the most common security holes with SAN devices – and IT devices in general.
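The two management-interface checks the preceding paragraphs call for, disabling unused protocols such as telnet, SNMP or HTTP and confirming that default passwords are gone, as an added example that is not from the original article and does not use any vendor's CLI: it audits a constructed key=value snapshot of a switch's management settings against an assumed policy, and a second, hardened snapshot is included to show what a passing configuration looks like. The snapshot format, keys, subnet and account names are assumptions.

```python
"""Added example (not from the original article): audit an assumed key=value
snapshot of a SAN switch's management settings for legacy protocols left
enabled, an over-broad management ACL, and accounts still on a default password.
Format, keys, subnet and account names are constructed assumptions."""
import ipaddress

# Constructed snapshot of a weakly configured switch (assumed format).
WEAK_SNAPSHOT = """\
mgmt.ip=10.10.5.10
mgmt.allowed_sources=0.0.0.0/0
proto.telnet=enabled
proto.ssh=enabled
proto.http=enabled
proto.https=enabled
proto.snmp.v1=enabled
proto.snmp.v3=disabled
account.admin.default_password=true
account.jsmith.default_password=false
account.akhan.default_password=false
"""

# The same switch after remediation (constructed).
HARDENED_SNAPSHOT = """\
mgmt.ip=10.10.5.10
mgmt.allowed_sources=10.10.5.0/24
proto.telnet=disabled
proto.ssh=enabled
proto.http=disabled
proto.https=enabled
proto.snmp.v1=disabled
proto.snmp.v3=enabled
account.admin.default_password=false
account.jsmith.default_password=false
account.akhan.default_password=false
"""

REQUIRED_PROTOCOLS = {"ssh", "https", "snmp.v3"}           # policy: the only management paths kept
MANAGEMENT_NETWORK = ipaddress.ip_network("10.10.5.0/24")  # assumed admin-only subnet


def parse_snapshot(text):
    """Turn 'key=value' lines into a dict; blank and comment lines are ignored."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def audit_management(settings):
    """Return (severity, message) findings; an empty list means the snapshot passes."""
    findings = []
    for key, value in settings.items():
        if key.startswith("proto."):
            proto = key[len("proto."):]
            if value == "enabled" and proto not in REQUIRED_PROTOCOLS:
                findings.append(("high", f"unneeded management protocol enabled: {proto}"))
            elif value == "disabled" and proto in REQUIRED_PROTOCOLS:
                findings.append(("medium", f"required secure protocol disabled: {proto}"))
        elif key.startswith("account.") and key.endswith(".default_password") and value == "true":
            user = key.split(".")[1]
            findings.append(("high", f"account still uses the vendor default password: {user}"))
    # Management ACL: every allowed source range must sit inside the admin subnet.
    for cidr in settings.get("mgmt.allowed_sources", "0.0.0.0/0").split(","):
        net = ipaddress.ip_network(cidr.strip(), strict=False)
        if net.version != MANAGEMENT_NETWORK.version or not net.subnet_of(MANAGEMENT_NETWORK):
            findings.append(("high", f"management interface reachable from outside admin network: {net}"))
    return findings


if __name__ == "__main__":
    for name, snap in (("weak", WEAK_SNAPSHOT), ("hardened", HARDENED_SNAPSHOT)):
        print(name, audit_management(parse_snapshot(snap)) or "PASS")
```

Run on the weak snapshot the audit reports six findings (telnet, HTTP and SNMPv1 enabled, SNMPv3 disabled, the admin account on its default password, and a management ACL open to the world); the hardened snapshot returns no findings.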
These days, every organisation with a SAN should consider the use of ‘zoning’ as a tactic. When SANs first emerged more than a decade ago, there was no real access control mechanism to protect storage used by one host from being accessed by another host. This was not a significant issue at the time due to the limited scale of the original SANs. Over time, this became a security risk as SANs became larger, more complex, and mission-critical to most datacentres. To help secure particular devices and data, Brocade invented the concept of “zoning”, or restricting device communication only to member devices within a given zone.
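To make the zoning rule concrete, here is an added example that is not from the original article and is not Brocade's or any vendor's zoning implementation: a small model in which a fabric of constructed WWPNs is carved into zones, two devices may communicate only when they share a zone, and two review checks flag devices left out of every zone and zones that contain more than one host (initiator). WWPNs, zone names and the initiator list are constructed assumptions.

```python
"""Added example (not from the original article or any vendor): a toy model of
SAN zoning. Communication is permitted only between members of a common zone.
WWPNs, zone names and the initiator set are constructed."""
from itertools import combinations

# Constructed fabric: friendly name -> WWPN (assumed values).
DEVICES = {
    "host_db1":   "10:00:00:00:00:00:00:01",
    "host_app1":  "10:00:00:00:00:00:00:02",
    "host_test1": "10:00:00:00:00:00:00:03",
    "host_new":   "10:00:00:00:00:00:00:04",   # attached but not yet zoned
    "array_prod": "50:00:00:00:00:00:00:10",
    "array_test": "50:00:00:00:00:00:00:20",
}
INITIATORS = {DEVICES[n] for n in ("host_db1", "host_app1", "host_test1", "host_new")}

# Constructed zone set using single-initiator zoning: one host plus its storage target per zone.
ZONES = {
    "z_db1_prod":  {DEVICES["host_db1"],   DEVICES["array_prod"]},
    "z_app1_prod": {DEVICES["host_app1"],  DEVICES["array_prod"]},
    "z_test":      {DEVICES["host_test1"], DEVICES["array_test"]},
}


def zones_of(wwpn, zones=ZONES):
    """Names of every zone the WWPN belongs to."""
    return {name for name, members in zones.items() if wwpn in members}


def may_communicate(a, b, zones=ZONES):
    """The rule being modelled: traffic flows only between members of at least one common zone."""
    return a != b and bool(zones_of(a, zones) & zones_of(b, zones))


def allowed_pairs(zones=ZONES):
    """The effective policy: every unordered WWPN pair the zone set permits."""
    pairs = set()
    for members in zones.values():
        pairs.update(combinations(sorted(members), 2))
    return pairs


def unzoned_devices(devices=DEVICES, zones=ZONES):
    """Devices that appear in no zone. Depending on the fabric's default-zone setting they
    are either isolated or visible to every other unzoned device, so review them either way."""
    zoned = set().union(*zones.values())
    return sorted(name for name, wwpn in devices.items() if wwpn not in zoned)


def multi_initiator_zones(zones=ZONES, initiators=INITIATORS):
    """Zones holding more than one host: a misbehaving or compromised host in such a zone can
    reach the other hosts' paths, which single-initiator zoning is meant to prevent."""
    return sorted(name for name, members in zones.items()
                  if len(members & initiators) > 1)


if __name__ == "__main__":
    db1, app1, prod = DEVICES["host_db1"], DEVICES["host_app1"], DEVICES["array_prod"]
    print("db1 -> prod:", may_communicate(db1, prod))    # True: share z_db1_prod
    print("db1 -> app1:", may_communicate(db1, app1))    # False: no common zone
    print("unzoned:", unzoned_devices())
    print("multi-initiator zones:", multi_initiator_zones())
```

Two hosts that both reach the same array still cannot talk to each other, because sharing a target is not the same as sharing a zone; that distinction is what keeps one host's storage from being visible to another.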
Today, this plays a large role in SAN security across the IT services industry. SAN security has gained considerable visibility in IT over the last few years and is rightly now a well-established item on the C-level security agenda. Forward-thinking IT organisations should therefore make sure that they have a solid SAN security strategy and incident response system in place. This is vital in order to ensure that the risks posed by security breaches are well-known and subsequently minimised to reduce the likelihood of a breach, and the potential damage that any incident might cause.