Level 2 threats are distinguished by the fact that someone maliciously tries to steal data or cause disruption of service. The variety of Level 2 attacks increases as the intruder (anyone initiating the attack) is attempting to circumvent barriers. An intruder impersonating an authorized user would be a common Level 2 attack. To prevent a Level 2 threat, the SAN will need to add processes and technology to foil the attack.
Level 3 threats are the most troublesome. These are large-scale offensives that are usually perpetrated by an external source with expensive equipment and sophistication. An example of this attack would be installing a Fibre Channel analyzer that monitors traffic on a link. Equipment to crack authentication secrets or encrypted data would be another example of a Level 3 attack. These cloak and dagger type attacks are difficult to accomplish and require uncommon knowledge and a serious commitment to perpetrate the attack. Level 3 attacks are rare and complex and are beyond the scope of this white paper.
The three levels of attack are helpful in categorizing threats, but an in-depth analysis is required to address each threat. The next section will enable a systematic approach to dealing with individual threats.
Administrator's Perspective - Storage Network Points of Attack
Threats to storage networks come from many places. Each point of attack may be used as a stepping-stone for later attacks. To provide high levels of security, several checkpoints should be placed between the intruder and the data. The various points of attack are helpful in identifying security method to thwart different attacks. Similar to how castles have several defense mechanisms to defend against invaders, the enterprise should install many barriers to prevent attacks.
The point of attack helps the discussion of individual threats. The threats that will be discussed in this paper include:
- Unauthorized Access
Unauthorized access is the most common security threat because it can run the gamut of Levels 1 to 3 threats. An unauthorized access may be as simple as plugging in the wrong cable or as complex as attaching a compromised server to the fabric. Unauthorized access leads to other forms of attack, and is a good place to start the discussion of threats.
Access can be controlled at the following points of attack:
1. Out-of Band Management Application – Switches have non- Fibre Channel ports, such as an Ethernet port and Serial Port, for management purposes. Physical access to the Ethernet port may be limited by creating a private network to manage the SAN that is separate from a company's Intranet. If the switch is connected to the company Intranet, Firewalls and Virtual Private Networks can restrict access to the Ethernet port. Access to the Serial Port (RS 232) can be restricted by limiting physical access and having user authorization and authentication. After physical access is obtained to the Ethernet port, the switch can control the applications that can access it with access control lists. The switch may also limit the applications or individual users that can access through point of attack 3.
2. In-band Management Application — Another exposure that a switch faces is through an in-band management application. The in-band management application will access the fabric services - such as the Name Server and Fabric Configuration Server. Access to the fabric services is controlled by the Management ACL (MACL).
3. User to Application – Once a user has physical access to a management application, they will have to log into the application. The management application can authorize the user for role-based access depending on their job function. The management application will need to support access control lists and the roles for each user.