Systematically address your #1 enterprise security gap: storage
Securing Storage is an indispensable resource for every storage and security professional, and for anyone responsible for IT infrastructure, from architects and network designers to administrators.
You’ve invested heavily in securing your applications, operating systems, and network infrastructure. But you may have left one crucial set of systems unprotected: your SAN, NAS, and iSCSI storage systems. Securing Storage reveals why these systems aren’t nearly as secure as you think they are, and presents proven best practices for hardening them against more than 25 different attacks.
Securing storage is crucial to protecting intellectual property and trade secrets and complying with regulations ranging from Sarbanes-Oxley and HIPAA to Gramm-Leach-Bliley and SEC Rule 17a4. This book offers a complete blueprint for protecting all your storage systems–and all the data stored on them.
Most enterprises have failed to adequately address one crucial component of IT security: storage. The storage industry has largely failed to deliver secure solutions, and many IT professionals simply assume that security can be handled elsewhere. The result is a gaping security hole: it’s now far easier for internal attackers to compromise storage devices than to attack applications or operating systems. Now, for the first time, one of the world’s top storage security experts systematically reveals the weaknesses in SAN and NAS security–and offers robust, practical solutions.
Drawing on years of leading-edge research, renowned storage architect and security researcher Himanshu Dwivedi explains why SAN and NAS systems have become an open target for unauthorized access and data compromise–and why “security by obscurity” strategies will fail to protect storage, just as they’ve failed elsewhere. Dwivedi offers expert, step-by-step guidance for evaluating your own storage environment, designing security into it, implementing storage security best practices, and optimizing the security settings on any shared storage device. He also presents a full chapter of real-world case studies.
• Recognizing vulnerabilities that arise from inadequate perimeter security
• Understanding where attacks on storage devices typically originate
• Testing storage network security and audit compliance
• Protecting against SAN attacks: WWN spoofing, name server pollution, session hijacking, zoning hopping, e-port and f-port
replication, LUN mask subversion, and more
• Protecting NAS systems against attacks on Windows CIFS and Unix/Linux NFS protocols
• Defending against iSCSI attacks, from iQN spoofing to CHAP message reflection and offline password brute forcing
• Securing individual Fibre Channel and iSCSI SANs, NAS devices, and more
About the Author.
1. Introduction to Storage Security.
I. SAN SECURITY.
2. SANs: Fibre Channel Security.
3. SANs: LUN Masking and HBA.
4. SANs: Zone and Switch Security.
II. NAS SECURITY.
5. NAS Security.
6. NAS: CIFS Security.
7. NAS: NFS Security.
III. ISCSI SECURITY.
8. SANs: iSCSI Security.
IV. STORAGE DEFENSES.
9.Securing Fibre Channel SANs.
10. Securing NAS.
11. Securing iSCSI.
V. SAN/NAS Policies, Trends, and Case Studies.
12. Compliance, Regulations, and Storage.
13. Auditing and Securing Storage Devices.
14. Storage Security Case Studies.