IP SAN security technologies
IP SAN technologies include NAS, iSCSI, and FCIP. IP SAN security is achieved through the following:
CHAP
IPsec
CHAP
CHAP uses a three-way handshake to ensure validity of remote clients. It is more secure than PAP.
A summary of the CHAP process follows:
1. Once the server is connected, it sends a challenge message to the peer.
2. The peer responds by sending a value generated by a one-way hash function.
3. The server compares this value to its own generated value.
4. If the values match, the connection is allowed to continue; if they do not match, the connection is terminated.
5. To ensure the validity of the peer, the server sends challenge messages at random intervals and changes the CHAP identifiers frequently.
IPsec
IPsec uses an open-standards framework to protect data transmission over IP networks. It uses
cryptographic security services.
IPsec supports:
Network-level peer authentication
Data-origin authentication
Data integrity
Data encryption
Replay protection
Microsoft bases its IPsec implementation on the standards developed by the IETF IPsec working group.
Fibre Channel SAN security technologies
Fibre Channel SAN security is achieved through the FC-SP.
FC-SP
FC-SP protects in-transit data—it does not protect data stored on the Fibre Channel network. FC-SP is
a project of the Technical Committee T11, within the International Committee for Information Technology
Standards, which is responsible for developing Fibre Channel interfaces (see http://www.t11.org).
FC-SP uses:
Authentication of Fibre Channel devices (device-to-device authentication)
Cryptographically secure key exchange
Cryptographically secure communication between Fibre Channel devices
Encryption security technologies
Encryption security is achieved through DES, AES, and key management.
SAN Design Reference Guide