Chapter 15
Securing the Storage
Infrastructure
T
he Internet is a globally available medium
for connecting personal computers, servers,
Key Concepts
Storage Security Framework
networks, and storage, making it increas-
ingly vulnerable to attacks. Valuable information, The Risk Triad
including intellectual property, personal identities,
Denial of Service
and financial transactions, is routinely processed
and stored in storage arrays, which are accessed Security Domain
through the network. As a result, storage is now Infrastructure Right Management
more exposed to various security threats that can
potentially damage business-critical data and dis- Access Control
rupt critical services. Securing storage networks has
become an integral component of the storage management process. It is an inten-
sive and necessary task, essential to managing and protecting vital information.
This chapter describes a framework for storage security that is designed to
mitigate security threats that may arise and to combat malicious attacks on the
storage infrastructure. In addition, this chapter describes basic storage security
implementations, such as the security architecture and protection mechanisms
in SAN, NAS, and IP-SAN.
15.1 Storage Security Framework
The basic security framework is built around the four primary services of security:
accountability, confidentiality, integrity, and availability. This framework incor-
porates all security measures required to mitigate threats to these four primary
security attributes:
■■ Accountability service: Refers to accounting for all the events and opera-
tions that takes place in data center infrastructure. The accountability service
335
94215c15.indd 335 2/20/09 2:53:22 PM
, 336 Section IV n Storage Security and Management
maintains a log of events that can be audited or traced later for the purpose
of security.
■■ Confidentiality service: Provides the required secrecy of information
and ensures that only authorized users have access to data. This service
authenticates users who need to access information and typically covers
both data in transit (data transmitted over cables), or data at rest (data on
a backup media or in the archives).
Data in transit and at rest can be encrypted to maintain its confidentiality.
In addition to restricting unauthorized users from accessing information,
confidentiality services also implement traffic flow protection measures as
part of the security protocol. These protection measures generally include
hiding source and destination addresses, frequency of data being sent,
and amount of data sent.
■■ Integrity service: Ensures that the information is unaltered. The objec-
tive of the service is to detect and protect against unauthorized alteration
or deletion of information. Similar to confidentiality services, integrity
services work in collaboration with accountability services to identify
and authenticate the users. Integrity services stipulate measures for both
in-transit data and at-rest data.
■■ Availability service: This ensures that authorized users have reliable and
timely access to data. These services enable users to access the required
computer systems, data, and applications residing on these systems.
Availability services are also implemented on communication systems
used to transmit information among computers that may reside at differ-
ent locations. This ensures availability of information if a failure in one
particular location occurs. These services must be implemented for both
electronic data and physical data.
15.2 Risk Triad
Risk triad defines the risk in terms of threats, assets, and vulnerabilities. Risk
arises when a threat agent (an attacker) seeks to access assets by exploiting an
existing vulnerability.
To manage risks, organizations primarily focus on vulnerabilities because
they cannot eliminate threat agents that may appear in various forms and
sources to its assets. Organizations can install countermeasures to reduce the
impact of an attack by a threat agent, thereby reducing vulnerability.
Risk assessment is the first step in determining the extent of potential threats
and risks in an IT infrastructure. The process assesses risk and helps to identify
94215c15.indd 336 2/20/09 2:53:22 PM
, Chapter 15 n Securing the Storage Infrastructure 337
appropriate controls to mitigate or eliminate risks. To determine the probability
of an adverse event occurring, threats to an IT system must be analyzed in con-
junction with the potential vulnerabilities and the existing security controls.
The severity of an adverse event is estimated by the impact that it may have
on critical business activities. Based on this analysis, a relative value of criti-
cality and sensitivity can be assigned to IT assets and resources. For example,
a particular IT system component may be assigned a high-criticality value if
an attack on this particular component can cause a complete termination of
mission-critical services.
The following sections examine the three key elements of the risk triad.
Assets, threats, and vulnerability are considered from the perspective of risk
identification and control analysis.
15.2.1 Assets
Information is one of the most important assets for any organization. Other
assets include hardware, software, and the network infrastructure required to
access this information. To protect these assets, organizations must develop a
set of parameters to ensure the availability of the resources to authorized users
and trusted networks. These parameters apply to storage resources, the network
infrastructure, and organizational policies.
Several factors need to be considered when planning for asset security.
Security methods have two objectives. First objective is to ensure that the net-
work is easily accessible to authorized users. It should also be reliable and
stable under disparate environmental conditions and volumes of usage. Second
objective is to make it very difficult for potential attackers to access and com-
promise the system. These methods should provide adequate protection against
unauthorized access to resources, viruses, worms, Trojans and other malicious
software programs. Security measures should also encrypt critical data and
disable unused services to minimize the number of potential security gaps. The
security method must ensure that updates to the operating system and other
software are installed regularly. At the same time, it must provide adequate
redundancy in the form of replication and mirroring of the production data to
prevent catastrophic data loss if there is an unexpected malfunction. In order
for the security system to function smoothly, it is important to ensure that all
users are informed of the policies governing use of the network.
The effectiveness of a storage security methodology can be measured by two
criteria. One, the cost of implementing the system should only be a small frac-
tion of the value of the protected data. Two, it should cost a potential attacker
more, in terms of money and time, to compromise the system than the protected
data is worth.
94215c15.indd 337 2/20/09 2:53:22 PM
Securing the Storage
Infrastructure
T
he Internet is a globally available medium
for connecting personal computers, servers,
Key Concepts
Storage Security Framework
networks, and storage, making it increas-
ingly vulnerable to attacks. Valuable information, The Risk Triad
including intellectual property, personal identities,
Denial of Service
and financial transactions, is routinely processed
and stored in storage arrays, which are accessed Security Domain
through the network. As a result, storage is now Infrastructure Right Management
more exposed to various security threats that can
potentially damage business-critical data and dis- Access Control
rupt critical services. Securing storage networks has
become an integral component of the storage management process. It is an inten-
sive and necessary task, essential to managing and protecting vital information.
This chapter describes a framework for storage security that is designed to
mitigate security threats that may arise and to combat malicious attacks on the
storage infrastructure. In addition, this chapter describes basic storage security
implementations, such as the security architecture and protection mechanisms
in SAN, NAS, and IP-SAN.
15.1 Storage Security Framework
The basic security framework is built around the four primary services of security:
accountability, confidentiality, integrity, and availability. This framework incor-
porates all security measures required to mitigate threats to these four primary
security attributes:
■■ Accountability service: Refers to accounting for all the events and opera-
tions that takes place in data center infrastructure. The accountability service
335
94215c15.indd 335 2/20/09 2:53:22 PM
, 336 Section IV n Storage Security and Management
maintains a log of events that can be audited or traced later for the purpose
of security.
■■ Confidentiality service: Provides the required secrecy of information
and ensures that only authorized users have access to data. This service
authenticates users who need to access information and typically covers
both data in transit (data transmitted over cables), or data at rest (data on
a backup media or in the archives).
Data in transit and at rest can be encrypted to maintain its confidentiality.
In addition to restricting unauthorized users from accessing information,
confidentiality services also implement traffic flow protection measures as
part of the security protocol. These protection measures generally include
hiding source and destination addresses, frequency of data being sent,
and amount of data sent.
■■ Integrity service: Ensures that the information is unaltered. The objec-
tive of the service is to detect and protect against unauthorized alteration
or deletion of information. Similar to confidentiality services, integrity
services work in collaboration with accountability services to identify
and authenticate the users. Integrity services stipulate measures for both
in-transit data and at-rest data.
■■ Availability service: This ensures that authorized users have reliable and
timely access to data. These services enable users to access the required
computer systems, data, and applications residing on these systems.
Availability services are also implemented on communication systems
used to transmit information among computers that may reside at differ-
ent locations. This ensures availability of information if a failure in one
particular location occurs. These services must be implemented for both
electronic data and physical data.
15.2 Risk Triad
Risk triad defines the risk in terms of threats, assets, and vulnerabilities. Risk
arises when a threat agent (an attacker) seeks to access assets by exploiting an
existing vulnerability.
To manage risks, organizations primarily focus on vulnerabilities because
they cannot eliminate threat agents that may appear in various forms and
sources to its assets. Organizations can install countermeasures to reduce the
impact of an attack by a threat agent, thereby reducing vulnerability.
Risk assessment is the first step in determining the extent of potential threats
and risks in an IT infrastructure. The process assesses risk and helps to identify
94215c15.indd 336 2/20/09 2:53:22 PM
, Chapter 15 n Securing the Storage Infrastructure 337
appropriate controls to mitigate or eliminate risks. To determine the probability
of an adverse event occurring, threats to an IT system must be analyzed in con-
junction with the potential vulnerabilities and the existing security controls.
The severity of an adverse event is estimated by the impact that it may have
on critical business activities. Based on this analysis, a relative value of criti-
cality and sensitivity can be assigned to IT assets and resources. For example,
a particular IT system component may be assigned a high-criticality value if
an attack on this particular component can cause a complete termination of
mission-critical services.
The following sections examine the three key elements of the risk triad.
Assets, threats, and vulnerability are considered from the perspective of risk
identification and control analysis.
15.2.1 Assets
Information is one of the most important assets for any organization. Other
assets include hardware, software, and the network infrastructure required to
access this information. To protect these assets, organizations must develop a
set of parameters to ensure the availability of the resources to authorized users
and trusted networks. These parameters apply to storage resources, the network
infrastructure, and organizational policies.
Several factors need to be considered when planning for asset security.
Security methods have two objectives. First objective is to ensure that the net-
work is easily accessible to authorized users. It should also be reliable and
stable under disparate environmental conditions and volumes of usage. Second
objective is to make it very difficult for potential attackers to access and com-
promise the system. These methods should provide adequate protection against
unauthorized access to resources, viruses, worms, Trojans and other malicious
software programs. Security measures should also encrypt critical data and
disable unused services to minimize the number of potential security gaps. The
security method must ensure that updates to the operating system and other
software are installed regularly. At the same time, it must provide adequate
redundancy in the form of replication and mirroring of the production data to
prevent catastrophic data loss if there is an unexpected malfunction. In order
for the security system to function smoothly, it is important to ensure that all
users are informed of the policies governing use of the network.
The effectiveness of a storage security methodology can be measured by two
criteria. One, the cost of implementing the system should only be a small frac-
tion of the value of the protected data. Two, it should cost a potential attacker
more, in terms of money and time, to compromise the system than the protected
data is worth.
94215c15.indd 337 2/20/09 2:53:22 PM
