Every network administrator is faced with security issues on a daily basis, and those sysadmins who manage a Storage Area Network (SAN) are no different. SAN security issues are as serious as other network security issues, and due to the nature of the SAN architecture will present a problem for network administrators. SAN’s can be connected to the network by a number of different protocols. There are a number of protocols in operation on every network, and the need for a secure and efficient protocol for SAN use is paramount.
The current options for running a SAN are to use standard TCP/IP protocols namely the Internet Small Computer System Interface (iSCSI) protocol, or to use a specific protocol called FCP which usually operates over bespoke fiber infrastructure. In the case of FCP security is not as important as on a TCP/IP based SAN network, because data is sent across a secure fiber link. However when dealing with TCP/IP based SAN network traffic, encryption needs to be used as these packets can be visible along with all the other network traffic.
This means in the case of a security breach, and some particular software being used to sniff and read packet data, the security of the actual data is paramount (Cook, 2003). The kind of information stored in a business database is either confidential or personal, which makes securing this information critical when operating a secure network. This will be the greater problem in the future, when all network protocols are able to communicate on different architecture.
This problem needs to be addressed by examining the entire network architecture for the weakest link in the chain, and devising a solution to making it secure (Vacca, 2002). How these holes can be identified is the first major task when performing SAN security tasks, followed by implementing a robust solution which does not impinge on performance or uptime of the SAN. These issues are the most critical to consider when implementing a procedure for a secure storage area network and should be implemented with failover mechanisms in mind in case of any problems.