STORAGE AREA NETWORK (SAN) & SECURITY Presented By Santhosh Kumar.M 07030242024
Agenda: Introduction; SAN Architecture; Fibre Channel & IP SAN; SAN Security; IP SAN & Fibre Channel Security; SAN Standards & Organization; SAN Best Practices & Checklist; Conclusion
Enterprise Data Storage Growth: 30% annual growth, last 3 years; $5.3 billion market by 2005; Largest component of hardware budget: 18% of total I.T. budget, 60% of hardware budget; Separate LAN/SAN spending strategies
Storage Models: DAS; SAN; NAS
What is a SAN? “A storage area network (SAN) is a network designed to attach computer storage devices such as disk array controllers and tape libraries to servers.”  -  Wikipedia, the free encyclopedia (2005)
Need for SAN in Business: Storage Area Networks: Provide High Availability; Improve Data Storage Management & Reduce Cost; Enable Efficient Hardware Deployment & Utilization; Enable Storage Virtualization; Improve Data Backup Efficiency & Availability
Importance of SAN in Business: Research shows that as much as 70% of storage was networked in 2006. McNamara (2005) reports, “SANs…have proven to reduce management costs as a percentage of overall storage costs.”
SAN Architecture: Server Layer (NT Server, Unix Server, Database Server); Fabric Layer (Fibre Channel Switch, Fibre Channel Bridges)
Fibre Channel (FC): Fibre Channel is a technology standard for transferring data at extremely high speeds, up to 10 Gbps or even more. Fibre Channel is broken up into a series of five layers.
Fibre Channel Topologies: Fibre Channel based SANs support three types of topologies: Point-to-Point, Arbitrated Loop and Switched Fabric. These can be standalone or interconnected to form a fabric.
Point-to-Point: 100 MByte/s per connection; Just defines connection between storage system & host
Arbitrated Loop: Each port arbitrates for access to the loop; ports that lose the arbitration act as repeaters. Single Loop: data flows around the loop, passed from one device to another. Dual Loop: some data flows through one loop while other data flows through the second loop.
Arbitrated Loop with Hub: Hubs make a loop look like a series of point-to-point connections. Addition and deletion of nodes is simple and non-disruptive to information flow. (Diagram: nodes 1, 2, 3 and 4 attached to a HUB.)
Switched Fabric: Fabrics are composed of one or more switches. They enable Fibre Channel networks to grow in size. Switches permit multiple devices to communicate at 100 MB/s, thereby multiplying bandwidth. (Diagrams: nodes 1, 2, 3 and 4 attached to a SWITCH.)
IP SAN - iSCSI: An IP SAN is a Storage Area Network that transmits data through TCP/IP protocols. IP SAN is a high-efficiency, point-to-point storage solution. iSCSI is an Internet protocol standard officially ratified by the Internet Engineering Task Force (IETF).
iSCSI – IP SAN, Fibre Channel: IP SAN offers slower throughput than an FC SAN; IP SAN is more cost-effective than FC SAN; IP SAN is considered an alternative to the costlier FC SAN
SAN Security Landscape: SANs are evolving along paths parallel to those LANs have followed. Security was not an issue in the early days of LANs either, until… Historically, security administrators & storage administrators have not considered storage and SANs. “There is a gap between storage and security”
Why SAN Security? A SAN contains an organization's most critical data. The importance of this data is simply too high to ignore security, even if the risk is perceived to be low. The biggest threats to a SAN are from insiders, malicious or otherwise. Legislation and compliance requirements such as HIPAA, PCI DSS, the Sarbanes-Oxley Act (SOX) and the Data Protection Act (DPA) also drive an organization to address SAN security.
Common Security Issues: Poor administration of the storage network. Lack of a comprehensive security policy. Absence of vulnerability analysis during the design and construction phase of the SAN.
IP SAN - Security: iSCSI is a internet protocol standards are officially; Uses IP network security, particularly IPSec. Key standards in IPSec that iSCSI will take advantage of are: Authentication Headers (AH) - authenticates the original connection; Internet Key Exchange (IKE) - mutual authentication process for duration of connection; Encapsulating Security Protocol (ESP) - encrypts layer 4 and above data. iSCSI transmission can also take advantage of VPNs and firewalls.
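An added example (not part of the original slides): a small Python audit that applies the AH/ESP distinction from the IP SAN security slide to a constructed inventory of iSCSI flows and IPsec policies, reporting which flows are not encrypted. The addresses, the policy tuple format, the function names and the "any matching policy counts" rule are assumptions made for illustration; TCP 3260 is the registered iSCSI port.

```python
import ipaddress

ISCSI_PORT = 3260  # registered iSCSI target port (not stated on the slides)

# Constructed sample data: IPsec policies as (source net, destination net, protocols).
POLICIES = [
    ("10.0.1.0/24", "10.0.9.10/32", {"esp"}),  # encrypted path to the array
    ("10.0.2.0/24", "10.0.9.10/32", {"ah"}),   # integrity only, payload in clear
]

# Constructed sample data: iSCSI flows as (initiator IP, target IP, target port).
FLOWS = [
    ("10.0.1.15", "10.0.9.10", 3260),
    ("10.0.2.20", "10.0.9.10", 3260),
    ("10.0.3.30", "10.0.9.10", 3260),  # initiator subnet has no policy
    ("10.0.1.15", "10.0.9.11", 3260),  # second target was never added to a policy
]

def protocols_for(src, dst, policies):
    """Union of IPsec protocols from every policy whose selectors match src -> dst.
    Assumption: any matching policy counts; real stacks also apply priorities."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    found = set()
    for src_net, dst_net, protos in policies:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            found |= {p.lower() for p in protos}
    return found

def classify(flow, policies):
    """Label one flow by the strongest protection its matching policies give it."""
    src, dst, port = flow
    if port != ISCSI_PORT:
        return "not-iscsi"
    protos = protocols_for(src, dst, policies)
    if "esp" in protos:          # assumes ESP is configured with a non-null cipher
        return "encrypted"
    if "ah" in protos:           # AH authenticates but does not hide block data
        return "authenticated-only"
    return "unprotected"

def audit(flows, policies):
    """Return {flow: status} for every iSCSI flow that is not encrypted."""
    findings = {}
    for flow in flows:
        status = classify(flow, policies)
        if status in ("authenticated-only", "unprotected"):
            findings[flow] = status
    return findings

if __name__ == "__main__":
    for flow, status in audit(FLOWS, POLICIES).items():
        print(flow, "->", status)
```
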
Fibre Channel Security: Fibre Channel Authentication Protocol (FCAP); Zoning (Soft Zoning, Hard Zoning); LUN Masking; Persistent & Port Binding
Other Security Issues: Locking Down E_Ports; Physical Access; Remote Access
SAN Security Vendors: McData SANtegrity Security Suite Software; Brocade Secure Fabric OS; Hifn 4300 HIPP III Storage Security Processor; HP StorageWorks Secure Fabric OS; Decru Dataform Security Appliances; Kasten Chase Assurency
SAN Standards & Organizations: Storage Networking Industry Association; Fibre Channel Industry Association; SCSI Trade Association; International Committee for Information Technology Standards; INCITS Technical Committee T11; Information Storage Industry Consortium; Storage Security Industry Forum (SSIF)
SAN Best Practices: “Storage Security Best Current Practices developed by Storage Networking Industry Association (SNIA)”
SAN Checklist
Conclusion: Future of SAN: Integration of SANs into Mainstream Networking; Virtualization; Human Factors
References: SAN Security, www.sansecurity.com; Storage Networking Industry Association, www.snia.org; Introduction to Storage Security - A SNIA Security White Paper, October 14, 2005; SAN Security Whitepaper by Santhosh Kumar.M, http://www.whitepapers.org/docs/show/1739
 
