06-26-04 07:26 PM
From: will.spencer@sansecurity.com (Will Spencer)
Newsgroups: comp.arch.storage,comp.answers,news.answers
Subject: SAN (Storage Area Network) Security FAQ Revision 2004/06/23 - Part
1/1
Followup-To: comp.arch.storage
Approved: news-answers-request@MIT.EDU
Reply-To: will.spencer@sansecurity.com (FAQ Comments address)
Summary: This posting contains a list of Frequently Asked Questions (and the
ir
answers) about SAN (Storage Area Network) Security.
Archive-Name: comp-arch-storage/san-security-faq
Posting-Frequency: Monthly
Last-Modified: 2004/06/23
Version: 2004/06/23
URL: http://www.sansecurity.com/san-security-faq.shtml
Welcome to the comp.arch.storage SAN (Storage Area Network) Security FAQ:
Answers to Frequently Asked Questions about SAN (Storage Area Network)
Security.
The SAN (Storage Area Network) Security FAQ is on the World Wide Web at
http://www.sansecurity.com/san-security-faq.shtml
The contents of the comp.arch.storage SAN (Storage Area Network) Security
FAQ include:
-----------------------------------------------------------------------
http://www.sansecurity.com/faq/lun-masking.shtml
What is LUN masking?
LUN (Logical Unit Number) Masking is an authorization process that makes a
LUN available to some hosts and unavailable to other hosts.
LUN Masking is implemented primarily at the HBA (Host Bus Adapater) level.
LUN Masking implemented at this level is vulnerable to any attack that
compromises the HBA.
Some storage controllers also support LUN Masking.
LUN Masking is important because Windows based servers attempt to write
volume labels to all available LUN's. This can render the LUN's unusable
by other operating systems and can result in data loss.
-----------------------------------------------------------------------
http://www.sansecurity.com/faq/san-zoning.shtml
What is zoning?
Zoning is a method of arranging Fibre Channel devices into logical groups
over the physical configuration of the fabric. These zones may be utlized
to implement compatmentalization of data for security purposes.
Each device may be placed into multiple zones.
-----------------------------------------------------------------------
http://www.sansecurity.com/faq/hard-soft-zoning.shtml
What are the two types of zoning?
The two types of zoning in a fabric environment are port zoning and WWN
Zoning. Port zoning uses zones by physical ports. WWN (World Wide Name)
zoning uses name servers in the switches to either allow or block access
to particular WWNs in the fabric. Port zoning is more secure; WWN zoning
is common. A major advantage of WWN zoning is the ability to recable the
fabric without having to redo the zone information. WWN zoning susceptible
to unauthorized access, as the zone can be bypassed if someone knows the
IEEE address of the adapter and does an access directly to the node.
-----------------------------------------------------------------------
http://www.sansecurity.com/faq/san-...y-attacks.shtml
What are the classes of attacks against SANs?
Snooping: Mallory reads data Alice sent to Bob in private
Allows access to data
Spoofing: Mallory fools Alice into thinking that he is Bob
Allows access to or destruction of data
Denial of Service: Mallory crashes or floods Bob or Alice
Reduces availability
-----------------------------------------------------------------------
http://www.sansecurity.com/faq/fcp-...
l.shtml
What is FCPAP (Fibre Channel Password Authentication Protocol)?
FCPAP is an optional authentication mechanism employed between any two devic
es
or entities on a Fibre Channel network using secure remote password (SRP).
-----------------------------------------------------------------------
[url]http://www.sansecurity.com/faq/slap-switch-link-authentication-protocol.shtml[/url
]
What is SLAP (Switch Link Authentication Protocol)?
SLAP is an authentication method for Fibre Channel switches which utilizes
digital certificates to authenticate switch ports.
SLAP was designed to prevent the unauthorized addition of switches into a Fi
bre
Channel network.
[ Post a follow-up to this message ]
| 
