Data Security for Storage Area Networks

Tom Clark

doi:10.4018/978-1-59904-855-0.ch038

Special Offers
- IGI Global’s New Emerging Topic e-Book Collections
  Acquire highly focused and affordable Cutting-Edge Peer-Reviewed Research Content through a selection of 17 topic-focused e-Book Collections discounted up to 90%, compared to list prices. Collection topics include Artificial Intelligence, Data Science, Language Learning, Marketing and Customer Relations, Sustainability, and many more. Hosted on the InfoSci^® platform, these collections feature no DRM, no additional cost for multi-user licensing, no embargo of content, full-text PDF & HTML format, and more.
  Learn More
- Open Access Book (Free Access) - Encyclopedia of Information Science and Technology, Sixth Edition (ISBN: 9781668473665)
  The Encyclopedia of Information Science and Technology, Sixth Edition) continues the legacy set forth by the first five editions by providing comprehensive coverage and up-to-date definitions of the most important issues, concepts, and trends pertaining to technological advancements and information management within a variety of settings and industries. The entire book is being published under open access.
  Read Now
- Open Access Book (Free Access) - Food Sustainability, Environmental Awareness, and Adaptation and Mitigation Strategies for Developing Countries (ISBN: 9781668456293)
  Food Sustainability, Environmental Awareness, and Adaptation and Mitigation Strategies for Developing Countries provides information on the recent technology, mitigation, and environmental protection that must be applied for food sustainability in developing countries. This book is being published under Platinum Open Access through funding from Diponegoro University, Indonesia.
  Read Now
- Open Access Book (Free Access) - New Models of Higher Education: Unbundled, Rebundled, Customized, and DIY (ISBN: 9781668438091)
  The Walmart Corporation and the Lumina Foundation have provided funding to make New Models of Higher Education: Unbundled, Rebundled, Customized, and DIY fully open access, completely removing any paywall between scholars in education and the latest research on new models for the future of higher education.
  Read Now
- Open Access Book (Free Access) - Handbook of Research on the Global View of Open Access and Scholarly Communications (ISBN: 9781799898054)
  Through a collaboration between IGI Global and the University of North Texas, the Handbook of Research on the Global View of Open Access and Scholarly Communications has been published as fully open access, completely removing any paywall between researchers of any field, and the latest research on the equitable and inclusive nature of Open Access and all of its complications.
  Read Now
Books
- - Books by Subject
  - Business, Administration, & Management
  - Scientific, Technical, & Medical (STM)
  - Education
  - Books by Field
Journals
- - Journals
  - OnDemand Journal Articles
  - Journals by Subject
  - Business, Administration, & Management
  - Scientific, Technical, & Medical (STM)
  - Education
  - Journals by Field
e-Collections
Open Access
- View All Open Access Opportunities
  Search across all of IGI Global’s available open access publishing opportunities to unleash your research potential.
  Find an Open Access Journal for Your Next Manuscript
  Search across all of IGI Global’s available open access publishing opportunities to unleash your research potential.
  Submit an Open Access Book Proposal
  Learn more about open access book publishing and how it can propel your research forward in the field.
  Convert Your Work to Open Access
  Already published? You can convert your work to open access to increase its impact through IGI Global’s Restrospective Open Access Program.
  Utilize Open Access Collection Database
  Open up your research potential by utilizing our open access content or integrating the open access collection into your library
  Consider Open Access Agreements
  For Libraries: consider no-cost or investment-level open access agreements with IGI Global to support your faculty's research endeavors.
  Search Funding Resources
  Looking for additional funding resources to support your open accesss endeavors? View industry resources compiled by our open access team.
  Review Open Access Policies & Ethical Guidelines
  Considering IGI Global to publish your work under open access? Review IGI Global’s open access policies and ethical guidelines
Publish with Us
Resources
- - Instructors
  - Course Adoption
  - Teaching Cases
  - K-12 Online Learning Collection
  - Authors and Editors
  - eEditorial Discovery^® System
  - Peer Review Process
  - Ethics and Malpractice
  - COPE Membership
  - Fair Use Policy
  - Open Access Publishing
  - FAQ
Catalogs
About Us
Newsroom

Data Security for Storage Area Networks

Tom Clark

Source Title: Handbook of Research on Information Security and Assurance

DOI: 10.4018/978-1-59904-855-0.ch038

OnDemand:

(Individual Chapters)

Available

$37.50

Current Special Offers

No Current Special Offers

Abstract

Data storage is playing an increasingly visible role in securing application data in the data center. Today virtually all large enterprises and institutions worldwide have implemented networked storage infrastructures to provide high performance input/output (I/O) operations, high availability access, consolidation of storage assets, and data protection and archiving. Storage area networks (SANs) are typically based on Fibre Channel technology and are normally contained within the physical confines of the data center. The security of this physical isolation, however, has proven inadequate to safeguard data from inadvertent or malicious disruption. Both established and emerging Fibre Channel and IP standards are required to secure the storage infrastructure and protect data assets from corruption or misappropriation. This paper provides an overview of storage networking technology and the security mechanisms that have been developed to provide data integrity for data center storage infrastructures.

Chapter Preview

Top

Introduction

Security in conventional data communications networks attempts to safeguard data access by implementing both authorization and encryption technologies. Authentication procedures verify that data access between two end points is approved. Encryption ensures that only bona fide senders and receivers will be able to render encrypted data intelligible. Conventional data security techniques are primarily focused on protecting data in flight, as it traverses the network from, for example, a server to a workstation. If the data in flight is intercepted, diverted or copied, the security breach may allow unauthorized access to or corruption of sensitive corporate or personal information.

For storage environments, data transactions between servers and storage arrays or tape devices are also vulnerable to in-flight interception. In addition, however, security for storage area networks must provide means to safeguard data at rest, that is, after the data is written to disk or tape. This added requirement has generated new security solutions that attempt to protect storage data through its entire cycle of data retrieval and repose. This paper examines the unique characteristics of SANs and security techniques required to safeguard storage assets.

WHY SANs?

Storage area networking is a technology that enables high availability and high performance access between servers and storage devices. First formulated as American National Standards Institute (ANSI) standards in the early 1990s and now widely adopted by all major institutions and enterprises, SANs have displaced earlier storage connections which bound individual storage arrays to individual servers. By placing both servers and storage assets on a dedicated network, it is possible to redirect storage access from one server to another, thus facilitating high availability data access. It also enables administrators to add additional storage capacity without disrupting on-going production.

SAN technology was originally based on the Fibre Channel protocol and transport. Fibre Channel was the first high performance transport to deliver the gigabit speeds required for moving large amounts of storage data. The common analogy differentiating storage networking from conventional LAN and WAN networking is that while LANs and WANs move cars (packets) of data along highway lanes, SANs move freight train loads of data over high performance channels. Today, Fibre Channel SANs can provide 4 Gbps and 10 Gbps performance, while the vast majority of LAN technologies are still implemented at 1 Gbps (Gigabit Ethernet) or 100 Mbps (Fast Ethernet) speeds to workstations, with 10 Gbps links providing the network backbone.

As shown in Figure 1, data center SAN configurations are typically deployed for high availability data access. Each server and storage array is connected to fabric directors or switches for alternate pathing. If an individual link, port or switch fails, servers still have access to their designated storage targets. Fibre Channel directors are designed to provide 99.999 percent availability, or ~ 5.39 minutes of downtime in a given year.

Figure 1.

A data center SAN provides alternate pathing for high availability

For moderate performance requirements, new IP-based storage network protocols such as iSCSI provide a means to move blocks of storage data over traditional TCP/IP network infrastructures. Given the notorious vulnerability of TCP/IP networks to disruption and latency, however, iSCSI must address the inherent contradiction between the deterministic performance required by storage applications and the indeterministic nature of IP networks. From a security standpoint, iSCSI is the beneficiary of decades of development of IP Security and other IETF standards that provide auxiliary mechanisms to safeguard IP data transport.

Because all applications and data ultimately reside on some form of spinning media, maintaining the high availability and integrity of storage data is fundamental to all IT operations. SANs have generated a wide spectrum of solutions for assuring continuous storage access, including server clustering, failover, point in time data copies, data backup, and disaster recovery. At the same time, SANs have helped reduce operational costs by facilitating consolidation of storage assets (fewer but larger storage arrays) and streamlining backup processes. The end-user value of SAN technology is so clearly established that every major enterprise world-wide is now running its storage data on the basis of a storage area network.

Key Terms in this Chapter

Fibre Channel: A set of industry standards defining a multi-gigabit block data transport

Binding: Creating an authorized association between two devices or switches

Fabric: A switched network typically based on Fibre Channel protocols

iSCSI: A de facto standard for transporting block data over TCP/IP

Zone: A group of devices or ports authorized to communicate with one another

Block data: Digital data organized as contiguous bits of a designated extent

SCSI: Small Computer Systems Interface. An architecture for block data I/O

Virtual Fabric: Partition of a single physical storage networking into logical networks

Storage array: An enclosure with controller logic and multiple disk drives for mass storage

WWN: Worldwide Name. A unique 64-bit identifier for Fibre Channel devices and entities

LUN masking: Concealing the existence of logical units from unauthorized servers

Storage area network: A dedicated network implemented between servers and storage

IPSec: IP Security. A set of IETF de facto standards for securing data over TCP/IP

LUN: Logical unit number. A predefined capacity of disk storage assigned to a server

Complete Chapter List

Search this Book:

Reset

MLA

APA

Chicago

Export Reference

Data Security for Storage Area Networks

Abstract

Introduction

WHY SANs?

Key Terms in this Chapter

Complete Chapter List