Fibre Channel storage area network (SAN) security

Underestimating storage area network (SAN) and Fibre Channel security risks could lead your customers to data loss. This chapter excerpt from "Securing Storage: A Practical Guide to SAN and NAS Security" provides full descriptions of Fibre Channel security risks, SAN attacks and security assessment tools.

Book Chapter -- SAN: Fibre Channel Security

The emergence of SAN technology combined with data protection, privacy, and regulatory concerns has made storage security an important topic. SAN security risks are often misunderstood and/or underestimated. Furthermore, the critical issues associated with SANs, combined with the lack of communication concerning defenses, has created a security gap in storage.

The purpose of this chapter is to discuss Fibre Channel SAN security risks (iSCSI security risks will be discussed in Chapter 8). Each risk will be described and then fully discussed to allow organizations to make decisions based on their SAN data, its implementation, and the organization's risk-tolerance level.

Chapter 2 is the first of three chapters (chapters 2, 3 and 4) where SAN security risks and the correlating attacks will be discussed. After a detailed description of the security risks, we discuss the details of the SAN attacks. Several sections in the next three chapters will be followed by a self-assessment exercise, allowing administrators to test their own exposures, vulnerabilities, and exploits.


Use the following table of contents to navigate to chapter excerpts or click here to view SANs: Fibre Channel Security in its entirety.



Securing Storage: A Practical Guide to SAN and NAS Security

  Home: SAN: Fibre Channel Security -- Introduction
  1: SAN risks
  2:Fibre Channel risks
  3:Clear-text communication
  4:SAN hacking
  5:Fibre Channel frame weaknesses
  6:Session hijacking: assessment exercise
  7:Fibre Channel address weaknesses
  8: Fibre Channel man-in-the-middle attacks
  9: Fibre Channel address weaknesses: assessment exercise

About the book:   
Securing Storage: A Practical Guide to SAN and NAS Security is an indispensable resource for every storage and security professional, and for anyone responsible for IT infrastructure, from architects and network designers to administrators. You've invested heavily in securing your applications, operating systems, and network infrastructure. But you may have left one crucial set of systems unprotected: your SAN, NAS, and iSCSI storage systems. Securing Storage reveals why these systems aren't nearly as secure as you think they are, and presents proven best practices for hardening them against more than 25 different attacks. Purchase Securing Storage: A Practical Guide to SAN and NAS Security the book from Addison-Wesley Publishing
About the author:   
Himanshu Dwivedi is a founding partner of iSEC Partners, a digital security services and products organization. Before forming iSEC Partners, Himanshu was the Technical Director for @stake s San Francisco security practice, a leader in application and network security. His professional experience includes application programming, infrastructure security, and secure product design with an emphasis on storage risk assessment.


Dig Deeper on Primary and secondary storage