What IT Auditors Should Know About SAN Security - PowerPoint PPT Presentation

Loading...

PPT – What IT Auditors Should Know About SAN Security PowerPoint presentation | free to view - id: 3392-YTRiO



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

What IT Auditors Should Know About SAN Security

Description:

A SAN usually contains an organization's most critical data, all centralized ... Legislation and compliance may drive organizations to address SAN security ... – PowerPoint PPT presentation

Number of Views:135
Avg rating:3.0/5.0
Slides: 39
Provided by: RogerBo
Category:
Tags: san | auditors | know | san | security

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: What IT Auditors Should Know About SAN Security


1
What IT Auditors Should KnowAbout SAN Security
  • Jose Carreon
  • Security Technologies
  • Brocade

2
Agenda
  • The SAN Security Landscape
  • SAN Security Principles
  • SAN Security Myths
  • Protecting Against Evolving Threats
  • Defense Security Strategies
  • Auditing Your SAN
  • Other SAN Security Features and Functionality
  • Fabric-based Encryption for Data-at-Rest
  • Summary

3
Legal Disclaimer
  • All or some of the products detailed in this
    presentation may still be under development and
    certain specifications, including but not limited
    to, release dates, prices, and product features,
    may change. The products may not function as
    intended and a production version of the products
    may never be released. Even if a production
    version is released, it may be materially
    different from the pre-release version discussed
    in this presentation.
  • NOTHING IN THIS PRESENTATION SHALL BE DEEMED TO
    CREATE A WARRANTY OF ANY KIND, EITHER EXPRESS OR
    IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT
    NOT LIMITED TO, ANY IMPLIED WARRANTIES OF
    MERCHANTABILITY, FITNESS FOR A PARTICULAR
    PURPOSE, OR NONINFRINGEMENT OF THIRD PARTY RIGHTS
    WITH RESPECT TO ANY PRODUCTS AND SERVICES
    REFERENCED HEREIN.
  • Brocade, the Brocade B-weave logo, McDATA, Fabric
    OS, File Lifecycle Manager, MyView, Secure Fabric
    OS, SilkWorm, and StorageX are registered
    trademarks and the Brocade B-wing symbol and
    Tapestry are trademarks of Brocade Communications
    Systems, Inc. or its subsidiaries, in the United
    States and/or in other countries. FICON is a
    registered trademark of IBM Corporation in the
    U.S. and other countries. All other brands,
    products, or service names are or may be
    trademarks or service marks of, and are used to
    identify, products or services of their
    respective owners.

4
SAN Security The SAN Security Landscape
  • SANs are evolving in parallel paths that LANs
    have evolved
  • Security was not an issue in the early days of
    LANs either until
  • Historically, security administrators have not
    considered storage and SANs
  • Historically, storage administrators have not
    considered security
  • There is a gap between storage and security

5
SAN Security Why SAN Security
  • A SAN usually contains an organizations most
    critical data, all centralized into one
    convenient location
  • The importance of this data is simply too high to
    ignore security even if the risk is perceived
    to be low
  • There are vulnerabilities which can be exploited
    if not configured properly
  • The biggest threats to a SAN are from insiders
    malicious or otherwise
  • Legislation and compliance may drive
    organizations to address SAN security
  • As Security breaches have to be made public (US),
    loss of trust is a big issue

6
Targets
  • These are the devices and resources aimed during
    an attack, typically, the following elements are
    at risk in a SAN
  • Management Interfaces
  • IP can be sniffed easily
  • Passwords/Accounts
  • HBA
  • WWN can be spoofed easily (intentionally or not)
  • LUNs
  • LUNs can be made visible to unauthorized users
  • Dark Fiber
  • Fiber optic cables can be sniffed undetected
  • Switches/Directors
  • New switches can be added to fabric easily
  • Improperly configured switches can expose the SAN

7
Attackers
  • The attacker mentality is multi-dimensional and
    complex but they usually have several common
    characteristics
  • They do not want to get caught
  • They will usually use the path of least
    resistance seek weakest link
  • They want to get the most value for their
    efforts
  • Personal satisfaction
  • Bragging rights
  • Financial gains

8
Attacker Motivation
  • Not getting caught seems like an obvious
    characteristic but some attackers eventually get
    to a point where they are under such pressure
    from the authorities, they may actually seek to
    get caught. This could also provide them with
    notoriety in some cases (Frank Abagnale Catch
    Me If You Can).
  • Seeking for the weakest link is part of an
    attackers methods to successfully penetrate a
    system. A system is only as strong as its
    weakest link

9
Attacker Motivation
  • There are many motivational factors to conduct an
    attack. Script kiddies are renowned to just
    browse around and say that they broke into a
    system (MafiaBoy was eventually caught by
    bragging online).
  • Today, organized crime and terrorists are getting
    involved in cybercrime since the financial gains
    can be highly rewarding (T.J. Maxx credit card
    scandal - Secret Service agents found TJX
    customers' credit card numbers in the hands of
    Eastern European cyber thieves Breach costs
    have been estimated at 216M as of October 2007)

10
SAN Security Principles
  • Jose Carreon
  • Security Technologies

11
SAN Security
  • SANs using the FC protocol are more secure than
    TCP/IP-based LANs
  • Physically isolated from the LAN and outside
    world
  • FC protocol is less well known than TCP/IP
  • Insider (malicious, non-malicious) attacks are
    the most prevalent forms of security threats in
    SANs.
  • However, these are not the only vulnerabilities
    in SANs...In fact, there are many widely believed
    myths surrounding SAN security

12
SAN Security Myth 1
  • Myth SANs are secure because they are an
    isolated network in a closed, physically secure
    environment.
  • Reality Most security incidents are attributed
    to insiders, malicious or otherwise. Being
    isolated and closed does not protect against
    insiders.

13
SAN Security Myth 2
  • Myth Fibre Channel SANs do not use IP, and the
    Fibre Channel protocol is not well known by
    hackers.
  • Reality All Fibre Channel switches use IP for
    their management interface. Some SANs use FCIP
    over distance.

14
SAN Security Myth 3
  • Myth You cant sniff optical fiber without
    cutting it first.
  • Reality You can tap into optical fiber using a
    clip-on fiber coupler for around 500 (eBay). A
    microbend allows light to leak out, detected by a
    photosensor.

15
SAN Security Myth 4
  • Myth SANs are not connected to the Internet so
    there is no risk from outside attackers.
  • Reality Many organizations have mail and Web
    servers in a DMZ that have SAN-attached storage.

16
SAN Security Myth 5
  • Myth You have to sniff and decode multiple
    protocol layers (FC, SCSI, Volume,
    Filesystem/Database, File) to get to some useful
    information.
  • Reality How many credit card numbers fit into a
    single FC frame?

17
SAN Security Myth 5
18
Protecting Against External Threats
  • All external threats are malicious
  • Focus is on securing the management interfaces
    and properly isolating the SAN from the outside
    world
  • SAN-attached servers in a DMZ can expose a SAN to
    the outside world

19
Protecting Against Internal Threats
  • By far, insiders pose the greatest threat to a
    SAN malicious or otherwise
  • Incidents caused by insiders usually cause the
    greatest damage and have the most impact on an
    organization
  • Protecting against authorized insiders is very
    difficult
  • Focus is on limiting opportunity, monitoring,
    controls and logging mechanisms

20
Protecting a SAN
  • SAN security must address both people and
    technical vulnerabilities
  • Identify the risks and vulnerabilities (audit)
  • Develop a SAN security policy
  • Develop and document secure SAN operations
    procedures
  • Harden with multiple layers of protection
  • Train staff on SAN security and raise storage
    security awareness

21
Defense-In-Depth Strategy
  • Physical security
  • Operation and management procedures
  • Password and user management
  • Create risk domains
  • Control device access
  • Logging and change management
  • Auditing
  • Security training and awareness
  • Data encryption

22
Physical Access and Security
  • Secure access to switches/directors
  • Monitor and control access to computer room
  • electronic access card (or other secure access
    methods)
  • single sign-on
  • piggyback prevention
  • biometrics
  • onsite personnel
  • Alarm system (fire and break-in)
  • Surveillance cameras
  • Lock individual racks
  • Dual fabrics should be in separate racks with
    physical separation

23
Operations and Management Procedures
  • Develop a SAN security policy (integrate with IT
    security policy)
  • Develop operation procedures
  • Use tight employee hiring and dismissal
    procedures
  • Secure all management interfaces
  • Disable unused and unsecure services
  • Use telnet timeout
  • Back up configuration files automatically
  • Review firmware levels regularly and read release
    notes
  • DR/BC procedures
  • Incident Response Plan

24
Password and User Management
  • User Accounts
  • Use strong password policies
  • Use unique personalized accounts instead of
    shared super accounts (admin, root)
  • Restrict roles (RBAC) where appropriate
  • Password Policies
  • Change default passwords
  • Use strong password policies
  • Centralize account management (RADIUS, LDAP)
  • Threat example Time bomb on a management server

25
Create Risk Domains
  • Physical
  • Physically isolate critical or sensitive systems
    where appropriate using separate fabrics
  • LSANs can provide isolation and controlled
    sharing
  • Logical
  • Use zoning (hardware-enforced pWWN)
  • Use LUN masking
  • Use Virtual Fabrics/Administrative Domains

26
Control Device Access
  • Persistently disable unused ports
  • Persistently disable E_Port connectivity
  • Use Access Control Lists (ACLs) to define devices
    allowed to join fabric (FCS, DCC, SCC, IP
    Filter)
  • Use device and switch authentication
    (DH-CHAP/FC-SP) for more sensitive environments
    to prevent WWN spoofing

27
Logging and Change Management
  • Use NTP to synchronize logs
  • Redirect syslogd to a central server
  • Enable Event Auditing feature
  • Enable Track Changes feature
  • Back up logs and configuration files
    automatically
  • Monitor logs regularly

28
Education and Awareness Training
  • Raise SAN security awareness
  • Entire team needs to understand the policies
  • Entire team needs to be familiar with basic
    security concepts
  • Continuing education to keep up with technology
    changes

29
Auditing Your SAN
  • There are no established standards for SAN
    security although the SNIA SSIF has an excellent
    Current Best Practices (CBP) Guide
  • The IT Security Policy should also include the
    SAN
  • Audit against existing SAN security policy
    ideally integrated into existing IT Security
    Policy
  • Self-audit develop a process and evaluation
    criteria based on policy
  • Third Party Audit Outside agencies have a
    different, neutral perspective and established
    audit standards
  • Recognized experts know the latest threats and
    countermeasures
  • Audit regularly at least yearly

30
Other SAN Security Features
31
Data Destruction
  • Risk Storage media containing data may be
    exposed to the outside world
  • Data-critical mass
  • Call-home disk repair can be an exploit
  • Data destruction/retention policy
  • Degaussing
  • Electronic shredding
  • Physical shredding/crushing

32
Data Encryption
  • Stolen or lost laptops and tape media are making
    headlines
  • By the time you are in the front page of any
    newspaper it is to late
  • Protecting Personally Identifiable Information
    (PII) is a huge concern for corporations and
    government
  • Unencrypted PII is highly vulnerable
  • Legislation and compliance, such as HIPAA, GLBA,
    PCI and California SB 1386 (and the likes), may
    drive encryption of PII

33
What to Encrypt
  • Encryption can occur in-flight or at-rest
  • Data-in-flight encryption is used when exchanging
    information over distance
  • Data-at-rest encryption is used to protect the
    confidentiality of information stored on a
    storage media (disk or tape)
  • Business requirements will determine what you
    need to encrypt
  • Biggest issue is how to manage the encryption
    keys
  • Multiple key management solutions are usually
    required to manage data-in-flight, disk and tape
    encryption

34
Why encryption in the SAN?
  • Protecting the most valuable corporate digital
    asset the Data
  • Ensure the privacy and integrity of data while in
    flight and when at rest
  • Choice to encrypt all data to increase the
    efficiency at the storage fabric level and reduce
    internal risks
  • Achieve regulatory compliance
  • Encrypting at the SAN provides
  • Flexibility to encrypt anywhere on the network
  • Storage vendor independence
  • Single key management solution for tape, disk and
    data-in-flight

35
Brocade Fabric-Based Encryption for Data-at-Rest
  • Brocade Solution
  • All data moves through the SAN
  • Central point of management
  • Plug-in Encryption Services (Non-disruptive)
  • Central key management is critical
  • Deliver scalable solution via Encryption Switch
    or Blade
  • Availability second half 2008

36
Brocade Security Engagements
  • SAN Security Assessment and Training
  • SAN Hardening
  • Develop Secure Operations Procedures
  • Design SAN Security Policy
  • Design SAN Security Incident Response Plan
  • SAN Security Resident Consultant
  • SAN Encryption Solution Services

37
Summary
  • SANs have similar security requirements as LANs
    and the SAN security policy should be integrated
    into the IT security policy
  • Technical countermeasures are an important
    component of any security program however a
    holistic approach is better. A defense-in-depth
    strategy must be utilized to protect a SAN and
    the data it contains
  • Importance of education and awareness
  • Regular SAN security audits to keep up with
    technology
  • SAN security policies integrated with IT
    policies
  • Documented operations procedures

38
THANK YOU
Jose Carreon Security Technologies
About PowerShow.com