How Secure is Your SAN?
Some managers are taking a rather what-me-worry approach to the security of their storage area networks, according to security experts. That attitude could perhaps be excused, when enterprise storage was tucked away deep inside the corporate network and protected by the arcane architecture of storage networks. Now that storage resources are closer to the surface, however, managers may want to get serious about SAN security.
That will be part of the pitch from storage security consultant Himanshu Dwivedi at this weeks Black Hat USA 2003 conference in Las Vegas. The managing security architect for @stake Inc. will detail the concerns a briefing dubbed: Security Issues with Fibre Channel Storage Networks.
"Less than one of the major indices of security are met in Fibre Channel: theres no authentication, only weak authorization and no encryption," Dwivedi said. "In many ways, a Fibre Channel attack is easier and can get to data a lot more quickly. Now, thats interesting."
In his presentation, Dwivedi will point out the core security problems in Fibre Channel SAN architecture. The protocol simply wasnt designed with security in mind, he said. Consequently, Fibre Channel suffers an inherent weaknesses of frames that make sessions susceptible to hijacking, and the limited authentication available from worldwide naming, which is currently used when zoning a network.
During an interesting (and alarming) discussion about the issue last week, Dwivedi reminded me that when soft-zoning a SAN or masking LUNs (logical unit numbers), most security controls fall back on the worldwide naming for HBAs and devices. However, those names can easily be changed by the user.
"Spoofing the name is actually a feature of the device driver," he said, pointing out that many vendors provide a tool to customize the name. "Its surprisingly easy to gain access to data you shouldnt, in fact, its a lot easier to use the [FC] fabric than the IP access."
Among other recommendations to boost SAN security, Dwivedi said storage managers should segment SANs using so-called hard zoning instead of soft zoning; to avoid relying upon worldwide names to authenticate nodes; and to beware of exposing Fibre Channel frames to untrusted networks.
Certainly, the discussion surrounding storage security isnt new and Dwivedi pointed to products from Decru Inc. and NeoScale Systems Inc. as well as SSH Communications Security Corp.s QuickSec encryption toolkit for iSCSI developers.
At the same time, data stored on SANs has become more exposed. In the past, Fibre Channel technology was used for backup and dynamic file servers perhaps 4 to 5 levels deep inside an internal network. Nowadays, managers are leveraging their investment, making greater use of their SAN.
"Storage area networks are getting to the perimeter of the network, only one or two levels down," Dwivedi said. "If a file server or a Web server is compromised, thats an attack vector to the SAN. And its common in storage area networks to have several hundred machines with [both] FC and IP connections."
Still, many SAN integrators and customers have taken a wait-and-see approach to SAN security.
"Whether its storage or wireless, people dont believe all the [security] issues up front," Dwivedi said. "A lot of storage professionals think that all the attackers in the world are outside on the Internet, and theyre protected with their VPN, firewalls and encryption, so theres no way attackers can get into the storage area network. Sometimes that can be true, but mostly not."
This complacency has been enabled by the fact that most attackers dont have an understanding of Fibre Channel SAN architecture as well as by the high cost of HBAs. Still, Dwivedi warned that such "security by obscurity doesnt scale in an enterprise architecture."
Instead of being complacent about this lack of education on the part of everyday hackers, storage managers should view this situation as a grace period, letting us get a handle on the security problem. In fact, if you look hard enough, you can find similar quiet times before the widespread understanding of any security vector, including application-side buffer overruns, Internet worm attacks or IP spoofing. In each case, the industry delayed action, underestimating the diligence or perspicacity of the opposition.
Is there a security problem with SANs or not? Are you satisfied with the current state of your SAN security? Let me know what you think!
David Morgenstern is a longtime reporter of the storage industry as well as a veteran of the dotcom boom in the storage-rich fields of professional content creation and digital video.