In a recent column, I discussed Fibre Channel security with consultant Himanshu Dwivedi of @stake Inc. The protocol simply wasnt designed with security in mind, he said. Consequently, Fibre Channel suffers inherent weaknesses in frames that render sessions susceptible to hijacking. (For more information, see “How Secure is Your SAN?”)
However, Dal Allen, president of storage consultancy ENDL Inc. of Saratoga, Calif., took issue with an aspect of Dwivedis analysis and offered a bit of back story to explain the lack of security in the Fibre Channel interface.
Back in the day, Allen was a member of the Accredited Standards Committee T11, formerly known as X3T11. “Looking at what eventually shipped, I have to agree with Dwivedi. But the architecture once included security,” Allen said. “The protocol was architected on the premise that if you couldnt access the frames you couldnt hack the network.”
“Early in the Fibre Channel development, experts from NSA, Department of Defense and other security agencies came in and made presentations. This resulted in security recommendations to the committee,” he recalled. “The net result of their efforts was a Security Header that preceded every frame. Unless authorized by a Security Server, a port could not even receive the frame, much less look at it in an intelligible form. There were also bits in the header to identify that the contents of the frame were either encrypted or compressed.”
“Unfortunately, at the time, Fibre Channel implementers skimped on their chips and excluded frame checking on all but the first frame of a Sequence (this is Fibre Channels term for the equivalent of a message). During an ill-advised frenzy of making the standard fit the implementations, the T11 committee members voted to dump the Security Header and the [hardware-based] encryption and compression features.”
However, Allen said, the lackluster security was eventually seen as a problem. “A year or so later the specter of security raised its head, and the committee started from scratch. Most of the security thats being standardized in Fibre Channel today is based on LAN principles.
“My hope for security was that if it was simple and easy, people wouldnt stress about it and they would implement it.” According to Allen, a hardware-based security scheme would have been more transparent to the user, permitting easier security. He said a quick, easy (and dirty) hardware solution could have addressed 90 percent of security issues, letting managers spend more time working on the other 10 percent. At the same time, he admitted that hes a “hardware guy,” who naturally would prefer hardware solutions over software ones.
“Dwivedis criticisms of Fibre Channel security today are valid and accurate,” Allen said. “But hes wrong in saying that nothing is being done about it because a lot is being done. Still, the big question is: When people get these tools, will they do anything about it anyway? Security is such a bear.”
Thats a side of human nature exposed by this weeks Blaster worm invasion. Microsoft offered a patch for the vulnerability in July, but many managers and consumers missed or ignored the warning. By the time the worm struck, they were out of luck, facing a super-slow response from Microsofts update site—or worse, a continuous reboot cycle.
In a similar way, many SAN managers are delaying an examination of their Fibre Channel security. Perhaps they should pay close attention to Blasters other name: LoveSan. Is that an omen or what?
David Morgenstern is a longtime reporter of the storage industry as well as a veteran of the dotcom boom in the storage-rich fields of professional content creation and digital video.
More from David Morgenstern: