Systematically address your #1 enterprise security gap: storage
Securing Storage is an indispensable resource for every storage and security professional, and for anyone responsible for IT infrastructure, from architects and network designers to administrators.
You’ve invested heavily in securing your applications, operating systems, and network infrastructure. But you may have left one crucial set of systems unprotected: your SAN, NAS, and iSCSI storage systems. Securing Storage reveals why these systems aren’t nearly as secure as you think they are, and presents proven best practices for hardening them against more than 25 different attacks.
Securing storage is crucial to protecting intellectual property and trade secrets and complying with regulations ranging from Sarbanes-Oxley and HIPAA to Gramm-Leach-Bliley and SEC Rule 17a4. This book offers a complete blueprint for protecting all your storage systems–and all the data stored on them.
Most enterprises have failed to adequately address one crucial component of IT security: storage. The storage industry has largely failed to deliver secure solutions, and many IT professionals simply assume that security can be handled elsewhere. The result is a gaping security hole: it’s now far easier for internal attackers to compromise storage devices than to attack applications or operating systems. Now, for the first time, one of the world’s top storage security experts systematically reveals the weaknesses in SAN and NAS security–and offers robust, practical solutions.
Drawing on years of leading-edge research, renowned storage architect and security researcher Himanshu Dwivedi explains why SAN and NAS systems have become an open target for unauthorized access and data compromise–and why “security by obscurity” strategies will fail to protect storage, just as they’ve failed elsewhere. Dwivedi offers expert, step-by-step guidance for evaluating your own storage environment, designing security into it, implementing storage security best practices, and optimizing the security settings on any shared storage device. He also presents a full chapter of real-world case studies.
• Recognizing vulnerabilities that arise from inadequate perimeter security
• Understanding where attacks on storage devices typically originate
• Testing storage network security and audit compliance
• Protecting against SAN attacks: WWN spoofing, name server pollution, session hijacking, zoning hopping, e-port and f-port replication, LUN mask subversion, and more
• Protecting NAS systems against attacks on Windows CIFS and Unix/Linux NFS protocols
• Defending against iSCSI attacks, from iQN spoofing to CHAP message reflection and offline password brute forcing
• Securing individual Fibre Channel and iSCSI SANs, NAS devices, and more
About the Author.
1. Introduction to Storage Security.
I. SAN SECURITY.
2. SANs: Fibre Channel Security.
3. SANs: LUN Masking and HBA.
4. SANs: Zone and Switch Security.
II. NAS SECURITY.
5. NAS Security.
6. NAS: CIFS Security.
7. NAS: NFS Security.
III. ISCSI SECURITY.
8. SANs: iSCSI Security.
IV. STORAGE DEFENSES.
9. Securing Fibre Channel SANs.
10. Securing NAS.
11. Securing iSCSI.
V. SAN/NAS Policies, Trends, and Case Studies.
12. Compliance, Regulations, and Storage.
13. Auditing and Securing Storage Devices.
14. Storage Security Case Studies.
The storage industry is missing the mark in terms of security, data protection, availability, integrity, and compliance. The absence of security in storage makes it an open target for unauthorized access and data compromise. The most prominent security control for storage networks is the lack of knowledge many attackers have about the technology. Lack of knowledge, better known as security by obscurity, never stands the test of time, as shown in other technologies affected by security, such as application development, voice over IP, wireless, and even electronic voting stations. Furthermore, security by obscurity never passes a governmental compliance test for data protection or integrity.
The book's primary goal is to discuss security weaknesses and acceptable solutions for Storage Area Networks (SANs) and Network Attached Storage (NAS). The book will discuss the mechanisms to evaluate your own storage network, design security into storage networks, and implement security settings on common storage devices. The book will also cover the standard practices for securing storage by discussing strategies that will minimize security weaknesses in SAN and NAS architectures.
Before we dive deeper, let's define storage security for a moment. Security is an entity that can be applied to different things, such as hosts, devices, networks, and communication mediums. Security can also be applied in several methods, such as encryption, access controls, authentication, checksums, logging, or dedicated products. Similarly, storage is an entity that is also applied in many ways. It can be applied as media (tapes, CD-ROMs, disk drives, USB drives), a communications medium (Internet Protocol, Fibre Channel, iSCSI), or even a network (Network Attached Storage or Storage Area Networks). Based on their different descriptions, security and storage traditionally are two items that are not usually paired together. Storage concentrates on holding data, while security concentrates on protecting data. Nevertheless, it is interesting that both entities address data needs and concerns, yet have not been addressed in a complementary fashion.
There are several reasons why security and storage are two strangers. One incorrect assumption is that storage does not need security because it has already been addressed elsewhere in the network, which unfortunately is not true. It often goes unnoticed that it is easier for internal attackers to compromise storage devices than applications or operating systems. For example, unlike most applications and operating systems, many storage devices do not even require authentication to get access to large volumes of data, a fact that would never pass most security audits. Furthermore, if an internal server has ever been affected by a virus or worm, the perimeter of the network is probably not as secure as a Visio document may picture it to be. The fact is that the network perimeter has disappeared with the advent of wireless networks, remote VPN users, site-to-site VPNs with business partners, back-end support connections, and internal unauthorized users such as contractors/consultants. This fact, combined with the large number of internal data heists occurring every month, makes storage a prime target for attackers. Compliance entities have also realized that data is not protected adequately and that its integrity is at risk on the storage network.
It is often overlooked that perimeter security controls are easily subverted to gain access to entities connected to the storage network, thus creating an open gateway. It is also assumed that unauthorized users attack from their own machines, but in practice they attack from compromised management servers, administrator workstations, or compromised applications. Another assumption is that if any entity, such as an application data owner, can gain access to the stored data, it must have been authorized to do so; thus, having the ability to access data is equated with the authorization to access data, which again is simply not true (especially for regulated data). For example, if an Exchange administrator has access to the Exchange server, it does not mean that he or she is authorized to read everyone's email. Furthermore, the ability for unauthenticated users to connect directly to the storage network and view, copy, and delete data does not mean all users should have that authority. The assumptions also carry over to different organizational groups. Security groups are often too preoccupied with network and application attacks to fully understand the high risks of insecure storage. Additionally, the storage group's lack of information security background, combined with its focus on performance and capacity concerns, makes security a neglected entity. All these assumptions and groups make it hard to realize that a large amount of data is sitting wide open in the storage network for anyone to compromise.
The book will cover three primary themes. The first theme is to provide guidance and assessment techniques for storage networks. The second theme is to provide testing procedures for SAN and NAS architectures. The third theme of this book will discuss the security solutions for each attack class and security exposure currently presented on storage networks and devices. The book will discuss many security specifications and industry standards and how they affect storage security overall.
Data from the storage network is being presented to applications and hosts in all parts of the network, which do not hold a high level of security. For example, a Fibre Channel SAN may be connected to a web or database cluster that is available to the Internet or internal network, allowing a single compromised web/database server to be the gateway to the SAN. If the SAN were using iSCSI, the storage device would be even easier to break into: the attacker would only need to connect to the IP network and then to the iSCSI storage device, bypassing the database application and web server altogether. Furthermore, a NAS device might be holding medical data (patient information) that can be accessed by authorized doctors; however, it is also stored in clear text, allowing any system administrator to access the sensitive data.
The need for SAN and NAS security is long overdue. This book will describe the specific implementation steps to deploy SAN and NAS security options, while also discussing the different ways to fully optimize current storage architectures. This book can also be used by organizations that have deployed a storage network and are interested in learning more ways to secure it.
The other difference between file-level data and block-level data is that file-level data (NAS devices) supports multi-system access, whereas block-level data usually does not. Multiple machines or users can access the same remote file system (NFS or CIFS) at the same time as long as it is formatted with the correct file system type (such as NTFS or FAT for Windows). On the other hand, block data is not necessarily meant to have multiple systems connected to a single block of data at the same time. (Note: Some Fibre Channel and iSCSI SANs do support multiple connections to the same block data, but it is not the default.) It would be difficult for a single hard drive to have two IDE or SCSI ribbons connected to two separate servers; similarly, block data does not usually have multiple servers connected to it at the same time. It is possible for multiple systems to connect to the same block data repository over iSCSI or Fibre Channel; however, it results in a denial-of-service problem because two separate servers are trying to mount the same block data. Until one of the servers stops sending requests for the block data, the other will not be able to access it either.
The key idea to understand with either file or block data is that they are both data targets that contain large amounts of data viewable to any attacker or unauthorized user. File data is what most systems are accustomed to. Block data, however, is just as valuable to an attacker (if not more) since it contains large volumes of data but in block format, which is just as easy to mount and read as file-level data but requires different mounting and reading steps.
This book's primary attraction is its ability to discuss, demonstrate, and prioritize the storage security issues that every organization faces. The book will not use high-level or abstract language that fails to provide any details, but rather provides an abundance of security details to allow readers to finally understand what the real issues are with storage security and how they can assess the risk for themselves. The book will also provide details to distinguish the high-risk/high-impact issues from low-risk/nominal-impact issues.
A key purpose for the book is to provide a clear understanding of the technology. Storage security is a relatively new industry and can be an overwhelming topic. Several years ago when I began researching storage and security, there were no storage security products, web sites, or whitepapers about storage security. There were only a few people willing to talk to me about the seriousness of storage security. Years later, there is not only an entire industry on securing storage, with large companies like Symantec and Veritas merging together, but with its new popularity, there is a lot more confusion.
The need to secure storage is important on many levels. From a security perspective, many organizations (and their security departments), are not aware of the data protection issues surrounding storage. From the storage perspective, many storage administrators are unaware of the security issues that will affect system uptime and data availability.
Another reason why storage security is needed is ease of comprehension. There are many sources that discuss attack classes in storage, but few actually provide risk exposure descriptions. A key goal of this book is not to force arbitrary risk levels on your organization, but to describe the threat vector and attack surface in detail and allow readers to deduce their own risk based on the outcomes of these possible attacks. Readers will find out that security attacks don't change, but get modified and improved (just like viruses and worms). History has shown that the attack classes that affected networks in the 1990s also affect applications in the 2000s. Similarly, the same attack classes, such as segmentation weakness, poor session maintenance, and poor authentication, have also affected storage networks. However, a successful attack on storage equates to data loss or outright compromise.
The completion of this book will provide a very detailed guide of securing storage and understanding attacks.
Government regulations primarily focus on security controls and auditing practices. A key issue for many storage networks, devices, and protocols is their lack of any security controls to protect data at rest or in flight. Additionally, government regulations don't distinguish between controls against outside attackers and controls against malicious internal employees. The fact that data is easier to compromise on a storage filer than on an operating system only adds to the storage security problem.
Regulations have highlighted an overlying issue of data protection. Data, whether it is financial data, non-public private information, or medical data, needs to be protected from unauthorized external and internal entities at all times. Government regulations have only helped raise the concerns that have existed since the first SAN or NAS network.
Best practices are the items that are a prerequisite for deploying an acceptable amount of security in any given entity. Some sample best practices for securing storage are as follows:
The book is targeted toward readers who want to learn the common "how-tos" of securing storage. Readers requiring an essential reference guide can use the book as their primary resource. Generally speaking, this book is targeted for three types of individuals:
The book's audience will range from novice readers who are looking for the basics behind storage architectures, networking, and LANs, to moderately skilled administrators looking to gain information on Fibre Channel communication, iSCSI, and Internet Protocol.
Readers will benefit from the book in several different ways. First, readers will be able to remove the confusion from securing storage. Readers will be able to qualify the risk of their storage network with a clear description of the security issues in storage. Readers will also learn the security principles for designing, testing, and evaluating storage networks. Several chapters have hands-on self-assessment steps for critical security threats and vulnerabilities. Additionally, best practices security measures are discussed in the context of data availability, integrity, and compliance requirements. Finally, readers will understand the security concerns for storage and be able to determine the impact of each issue.
This book will provide readers with the data center's guide to analyzing, testing, and implementing SAN and NAS security. This book will cover common "how-tos," provide the all-essential "reference steps," and provide recommendations for storage security best practices.
The book is not necessarily meant to be read from start to finish, but can instead serve as a quick reference, where individual chapters are self-supporting without knowledge of prior chapters. For example, if a reader needs to understand how to secure a Brocade Fibre Channel switch, he can turn directly to Chapter 4, "SANs: Zone and Switch Security." The book can provide insight for the following types of individuals:
The first three parts discuss core issues with SAN and NAS security, attacks against SAN and NAS devices, and SAN and NAS security solutions. These chapters target some of the most important topics in securing storage, as well as testing procedures for each attack class.
Chapter 1 begins with an overview of storage security, covering its basic premise, the problems encountered, typical uses, and future trends. Additionally, an overview of security and storage standards is discussed.
Chapters 2 through 4 discuss SAN security risks, including weaknesses of Fibre Channel (FC) and adjoining devices, such as switches and host-bus adapters (HBAs). Additionally, these chapters discuss SAN attacks, self-assessment steps (which allow readers to perform checks against their storage architecture), and mitigating solutions.
Chapters 5 through 7 are similar to Chapters 2 through 4, but focus on NAS architectures instead of SANs. Chapter 5 discusses the risks associated with NAS storage devices using IP protocols such as NFS and CIFS.
Chapters 6 and 7 discuss CIFS and NFS security issues, attacks, self-assessment steps, and mitigating solutions for storage architectures.
Chapter 8 discusses iSCSI security, including an overview of iSCSI communication, risks associated with iSCSI storage devices, and a discussion of the iSCSI attacks.
Part Four of the book focuses on storage defenses. Chapter 9 is a discussion on securing Fibre Channel SANs, Chapter 10 discusses the security of NFS/CIFS NAS, and Chapter 11 discusses the methods to secure iSCSI SANs. These chapters concentrate on how to take existing storage devices and ensure that they are secured. Part Five of the book shifts focus from SAN and NAS security risks and attacks to larger storage security issues, such as emerging security technologies, regulations, and case studies. These three chapters discuss security from the adherence perspective, both from the governmental aspect and from best practices. Chapter 12 discusses some of the major governmental policies that affect storage architectures. Chapter 13 discusses how to audit your storage network based on government compliance requirements and security best practices. Finally, Chapter 14 is a discussion of real-world case studies in storage environments. The examples describe SAN and NAS architectures with the optimal balance of security and functionality.
The book discusses the security weaknesses, threats, exploits, and attacks of storage systems, networks, and technologies in Chapters 2 through 8. After the discussion is complete, the book discusses the mitigating solutions of each prior attack identified in Chapters 9 through 14. The reason for a deep discussion of the attacks is because it is very difficult to discuss solutions only without any context of the problem. Although some vendors will not appreciate the fact that this book exposes problems, it is not written to embarrass any vendor or to prevent end-users from adopting storage devices, but instead to show organizations why certain security mitigations and solutions need to be in place when deploying a storage network. For example, after a virus infects a user's machine, it is easier to discuss why anti-virus software and host hardening procedures are very important items. The same idea applies to storage. Organizations will understand why taking active steps to secure storage is important after reviewing the attacks in Fibre Channel, iSCSI, CIFS, and NFS.
The book makes an attempt to classify the risk of each identified problem; however, the discussion is limited because risk is best measured when applied to specific scenarios rather than generic examples. Many attacks shown in this book can be classified as low risk, but they are still discussed to expose the reader to the security problem. Conversely, many attacks shown in the book are also high risk and are shown to their full extent and detail.
The book is not vendor specific, but rather protocol specific (Fibre Channel and iSCSI for SANs and NFS and CIFS for IP NAS).
The book holds storage systems, networks, and protocols to the same standard of security as operating systems, wireless networks, and application security. Storage security strengths are discussed to show the reader the positive security aspects of storage; however, it also shows failed or poor security attempts in storage systems, networks, and protocols. The book does not give storage devices/networks any "breaks" since it is an emerging technology. Any system and/or network that controls a large portion of an organization's data must be held to the same high security standard expected from operating system vendors or even application product vendors.
Finally, the book is written in the context of full disclosure. The goal is to allow each reader to receive enough information to read, perform, and analyze each security problem and each discussion about the mitigating solution. This model should allow the reader to make risk acceptability decisions based on their own storage environment.