HardwareBanter

HardwareBanter (http://www.hardwarebanter.com/index.php)
-   Storage & Hardrives (http://www.hardwarebanter.com/forumdisplay.php?f=30)
-   -   SAN (Storage Area Network) Security FAQ Revision 2004/02/12 - Part 1/1 (http://www.hardwarebanter.com/showthread.php?t=67454)

Voyager February 12th 04 04:31 PM
SAN (Storage Area Network) Security FAQ Revision 2004/02/12 - Part 1/1
 
From: (Will Spencer)
Newsgroups: comp.arch.storage,comp.answers,news.answers
Subject: SAN (Storage Area Network) Security FAQ Revision 2004/02/12 - Part 1/1
Followup-To: comp.arch.storage
Approved:
Reply-To: (FAQ Comments address)
Summary: This posting contains a list of Frequently Asked Questions (and their
answers) about SAN (Storage Area Network) Security.

Archive-Name: comp.arch.storage/san-security-faq
Posting-Frequency: Monthly
Last-Modified: 2004/02/12
Version: 2004/02/12
URL: http://www.sansecurity.com/faq.shtml

Welcome to the comp.arch.storage SAN (Storage Area Network) Security FAQ:
Answers to Frequently Asked Questions about SAN (Storage Area Network)
Security.

The SAN (Storage Area Network) Security FAQ is on the World Wide Web at
http://www.sansecurity.com/faq.shtml

The contents of the comp.arch.storage SAN (Storage Area Network) Security
FAQ include:


-----------------------------------------------------------------------

http://www.sansecurity.com/faq.shtml#What is LUN masking?

What is LUN masking?

LUN (Logical Unit Number) Masking is an authorization process that makes a
LUN available to some hosts and unavailable to other hosts.

LUN Masking is implemented primarily at the HBA (Host Bus Adapater) level.
LUN Masking implemented at this level is vulnerable to any attack that
compromises the HBA.

Some storage controllers also support LUN Masking.

LUN Masking is important because Windows based servers attempt to write
volume labels to all available LUN's. This can render the LUN's unusable
by other operating systems and can result in data loss.


-----------------------------------------------------------------------

http://www.sansecurity.com/faq.shtml#What is zoning?

What is zoning?

Zoning is a method of arranging Fibre Channel devices into logical groups
over the physical configuration of the fabric. These zones may be utlized
to implement compatmentalization of data for security purposes.

Each device may be placed into multiple zones.


-----------------------------------------------------------------------

http://www.sansecurity.com/faq.shtml#What are the two types of zoning?

What are the two types of zoning?

The two types of zoning in a fabric environment are port zoning and WWN
Zoning. Port zoning uses zones by physical ports. WWN (World Wide Name)
zoning uses name servers in the switches to either allow or block access
to particular WWNs in the fabric. Port zoning is more secure; WWN zoning
is common. A major advantage of WWN zoning is the ability to recable the
fabric without having to redo the zone information. WWN zoning susceptible
to unauthorized access, as the zone can be bypassed if someone knows the
IEEE address of the adapter and does an access directly to the node.


-----------------------------------------------------------------------

http://www.sansecurity.com/faq.shtml#What are the classes of attacks against SANs?

What are the classes of attacks against SANs?

Snooping: Mallory reads data Alice sent to Bob in private
Allows access to data
Spoofing: Mallory fools Alice into thinking that he is Bob
Allows access to or destruction of data
Denial of Service: Mallory crashes or floods Bob or Alice
Reduces availability

-----------------------------------------------------------------------


http://www.sansecurity.com/faq.shtml#What are some attacks against FCP?

What are some attacks against FCP?

Node Name / Port Name spoofing at Port Login time
Source Port ID spoofing on dataless FCP commands
Snooping and spoofing on FC-AL
Snooping and Spoofing after Fabric reconfiguration
Denial of Service attacks can be made in User mode

-----------------------------------------------------------------------

http://www.sansecurity.com/faq.shtml#What is FCAP (Fibre Channel Authentication Protocol)?

What is FCAP (Fibre Channel Authentication Protocol)?

FCAP is an optional authentication mechanism employed between any two devices
or entities on a Fibre Channel network using certificates or optional keys.


-----------------------------------------------------------------------


http://www.sansecurity.com/faq.shtml#What is FCPAP (Fibre Channel Password Authentication Protocol)?


What is FCPAP (Fibre Channel Password Authentication Protocol)?

FCPAP is an optional authentication mechanism employed between any two devices
or entities on a Fibre Channel network using secure remote password (SRP).


-----------------------------------------------------------------------


http://www.sansecurity.com/faq.shtml#What is SLAP (Switch Link Authentication Protocol)?

What is SLAP (Switch Link Authentication Protocol)?

SLAP is an authentication method for Fibre Channel switches which utilizes
digital certificates to authenticate switch ports.

SLAP was designed to prevent the unauthorized addition of switches into a Fibre
Channel network.


All times are GMT +1. The time now is 11:13 PM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
HardwareBanter.com