Security in a DAS environment is provided by the host to which the storage is attached. Securing the management interface and storage utilities is important to securing the storage. Security in a networked storage environment is more complex. NAS and SANs are vulnerable to the same types of attacks as IP networks. Fibre Channel SANs lack many basic security features. LUN masking and zoning are used to provide security for a Fibre Channel SAN but are weak. Virtual SANs, LUN locking, and encryption appliances supplement native controls in a SAN. NAS and iSCSI SANs take advantage of existing IP security techniques. The dominance of host-level, as opposed to user-level, authentication is still a problem for NAS and iSCSI. Isolation of the storage and management interfaces from the LAN and WAN is an important technique, whether it is physical or virtual.
|