18 Storage Security; Storage Security Threats; Security Attack Classes - HP StorageWorks 4000/6000/8000 - Enterprise Virtual Arrays Reference Manual

18 Storage security

This chapter describes storage security best practices. It describes the following topics:
Storage security
Storage security
Security technologies, page 402
HP security
Storage security best
Assessing security
HP storage security

Storage security threats

Securing SAN environments has become an increasingly important aspect of data security. IT
organizations face many security threats and must comply with numerous industry and government
regulations. In the past, IT organizations accepted that authentication issues were handled by the
network architecture; they were not responsible for SAN security.
The NSA IATF defines five security attack classes that you should consider when defining your solution
(Table 193).
Table 193 Security attack classes
Attack class
Passive
Active
threats, page 401
compliance, page 402
strategy, page 404
practices, page 406
risks, page 407
solutions, page 407
Description
Attacks that can disclose information to an attacker.
Passive attacks include:
Analyzing traffic
Monitoring unprotected communications
Decrypting weakly encrypted traffic
Capturing authentication information (passwords)
An example of a passive attack is the disclosure of information such as credit card numbers
and passwords.
Attacks that can disclose information, deny service, or modify data.
Active attacks include:
Attempting to circumvent or break protection features
Introducing malicious code
Stealing or modifying information
Attacking a network backbone
Exploiting in-transit information
Penetrating an enclave
Attacking when a remote user attempts to connect to an enclave
SAN Design Reference Guide 401