
SAN Architecture Analysis

In [1], the SAN architecture is discussed along with an analysis of the threats and risks to the system. Security approaches for enhancing the data security framework of the SAN are also discussed.
The paper describes five classes of threats: passive, active, close-in, insider, and distribution. Passive attacks comprise traffic analysis and monitoring of communication. Active attacks comprise attempts to break protection. Insider attacks comprise eavesdropping or stealing information. Distribution attacks focus on the malicious modification of hardware or software during distribution.
Threats are further divided into three levels. The first level of attack is due to accidents or mistakes, the second level is a simple malicious attack, and the third level is a large-scale attack, which usually comes from an outside source.
The paper describes the security techniques listed below:
1. Access control (Zoning & LUN Masking): Zoning is a switch function that creates a logical, closed path from the server to the storage array.
2. Intrusion detection system (IDS): Detection and prevention of attacks by monitoring files and file attributes, and by auditing and logging file access information.
3. Cryptography: Converting the content of data into another form by adding some extra string.
4. Authentication and Authorization: Authentication is the process of verifying the correct person, and authorization is the process of controlling access and rights to resources and files.
5. Fibre Channel security: Due to weakness in the Fibre Channel frame, several attacks are possible, among which the man-in-the-middle attack is more specific and dangerous.

2.1 SAN ZONING
Storage Area Network Zoning (SAN Zoning) is used to logically group the hosts and s...

... middle of paper ...

... already known a target’s address even if they are not in the same zone, the initiator can still access the target. Moreover, when name server-based zoning is used to control every incoming frame, it adds more delay at the switch software level. The name server-based zoning scheme is therefore the least recommended. But we can still make use of the benefit of name server-based zoning when thinking about the zoning problem.
2.2 ROLE-BASED ACCESS CONTROL (RBAC)
RBAC is based on the roles that a user assumes in a system rather than on the user’s identity. RBAC systems assign access rights to roles instead of to individual users. Users are assigned to different roles according to their responsibilities, either dynamically or statically.
In RBAC, the relationship between users and roles is many-to-many, and the relationship between roles and resources or system objects is also many-to-many.
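The two many-to-many relationships described above, as an added Python example that is not part of the original essay or of the paper it summarises. The role, user and LUN names are constructed, and modelling a dynamic assignment as a time-limited role is an assumption.

```python
from collections import defaultdict


class RBAC:
    """Users <-> roles and roles <-> (resource, action) are both many-to-many."""

    def __init__(self):
        self.static_roles = defaultdict(set)    # user -> roles with no expiry
        self.dynamic_roles = defaultdict(dict)  # user -> {role: expiry time}
        self.role_perms = defaultdict(set)      # role -> {(resource, action)}

    def grant(self, role, resource, action):
        self.role_perms[role].add((resource, action))

    def assign(self, user, role, expires_at=None):
        # Assumption: "dynamic" assignment is modelled as a role with an expiry.
        if expires_at is None:
            self.static_roles[user].add(role)
        else:
            self.dynamic_roles[user][role] = expires_at

    def active_roles(self, user, now):
        live = {r for r, exp in self.dynamic_roles.get(user, {}).items() if now < exp}
        return self.static_roles.get(user, set()) | live

    def is_allowed(self, user, resource, action, now=0):
        # The decision looks only at roles, never at the user's identity;
        # anything not explicitly granted to an active role is denied.
        return any((resource, action) in self.role_perms.get(role, set())
                   for role in self.active_roles(user, now))

    def who_can(self, resource, action, now=0):
        # Audit view: walk both relations in reverse to list every user.
        users = set(self.static_roles) | set(self.dynamic_roles)
        return sorted(u for u in users if self.is_allowed(u, resource, action, now))


def build_sample():
    # Constructed sample data (hypothetical roles, users and LUN names).
    rbac = RBAC()
    for role, lun, action in [("storage_admin", "lun:db01", "map"),
                              ("storage_admin", "lun:backup01", "map"),
                              ("backup_operator", "lun:db01", "read"),
                              ("backup_operator", "lun:backup01", "read"),
                              ("dba", "lun:db01", "read"),
                              ("dba", "lun:db01", "write")]:
        rbac.grant(role, lun, action)
    rbac.assign("alice", "storage_admin")
    rbac.assign("alice", "dba")
    rbac.assign("bob", "backup_operator")
    rbac.assign("bob", "dba", expires_at=100)  # dynamic: valid while now < 100
    return rbac
```

Calling `who_can` before and after a dynamic role expires shows why time-limited assignments need the same audit coverage as static ones.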