En la administración de una red de fibra para almacenamiento más que medidas de seguridad de caracter preventivo son una práctica habitual el zoneado del switch ( o fabric) y el enmascaramiento de lunes (lun masking) desde la cabina en la provisión rutinaria de almacenamiento. Adiccionalmente, se puede añadir niveles de seguridad en la SAN con funcionalidades que proporcionan los fabricantes de switches de fibra. Ejemplos para tecnología Brocade son las políticas de control de las conexiones entre switches ( Switch Connection Control – SCC) y de control de dispositivos ( Device Connection Control – DCC). Lo que nos permiten hacer estas los políticas es restringir que switches y dispositivos se conectarán a la fabric.
SCC – Proteje las conexiónes inesperadas entre switches, se trata de verificar cada vez que se intenta realizar una conexión entre switches (ISL) contra un listado de switches definido por la política.
DCC – Proteje la conexiónes inesperadas entre dispositivos (HBAs de servidores, librerías, drives, VTLs, cabinas) con switches, se trata de verificar cada vez que se intenta realizar una conexión de un dispositivo de fibre contra un listado de dispositivos definido por la política.
La aplicación de estas políticas pueden considerarse interesante en muchos casos, por ejemplo, si el parcheo de fibra y sus cambios es ajeno al personal de administración de la SAN, si se quiere minimizar el fallo humano, o evitar un intento de acceso no deseado de un equipo o un analizador de tráfico, …
La SAN, al estar aislada sin acceso externo por otras redes es considerada segura, no necesitando medidas de protección especiales en apariencia. Pero si alguien consigue la contraseña de administración de alguno de los servidores conectado a la SAN, puede introducir driver de la HBAs modificados (o ni eso) para una práctica de hack que es "wwn spoofing", es decir, modificar la HBA de un servidor con el wwn de otra que le permita tener acceso al recurso de almacenamiento … y a sus datos. Recordemos que el sentido del hackering puede ser robar, corromper o destrozar el núcleo de información de la compañía. y … ¿ ésto lo evitaría DCC ? Si, ya que es una aplicación de "port locking" ( o "port binding") que es la asociación de un puerto a un wwn.
Para añadir un nivel mayor de seguridad se pueden usar protocolos de autenticación como DH-CHAP que pertenece a los protocolos FC-SP (Fibre Channel Security Protocols) definidos por la T11 y asegura mediante par de claves asociadas a wwn la negociación entre conexiones de forma segura. Aparte del "wwn spoofing" existen otras técnicas de hack en la fabric tales como "S_ID spoofing", " M-I-T-M attack" donde la aplicación de protocolos FC-SP son eficaces para evitar cualquier riesgo de intrusión.
Para la tecnología Brocade está la política AUTH que implementa la autenticación entre switches y dispositivos a través de DH-CHAP / FCAP.
¿ Es vuestra SAN segura ? y … ¿ estás preparado para una intrusión?
I do agree with all the ideas you’ve presented on your post.
They are really convincing and can certainly work.
Nonetheless, the posts are too brief for beginners.
Could you please prolong them a bit from next time? Thank
you for the post.
Hello there, You have done an excellent job. I’ll certainly digg it and personally recommend to my friends.
I’m sure they’ll be benefited from this website.
My page; huc99 แทงบอลออนไลน์
Hi my loved one! I want to say that this post is amazing, great written and come with almost all significant infos.
I would like to peer more posts like this .
If you’re tired and want to give up the fight, then they are the only
place I recommend anyone to start! Thank you once again everyone!
Nice blog here! Additionally your website lots up very fast!
What host are you the use of? Can I am getting your associate link to your host?
I want my website loaded up as fast as yours lol
We will teach you how to earn $ 7000 per hour. Why? We will profit from your profit.https://go.binaryoption.ae/FmUKhe
Howdy would you mind sharing which blog platform you’re working with? I’m planning to start my own blog in the near future but I’m having a tough time making a decision between BlogEngine/Wordpress/B2evolution and Drupal. The reason I ask is because your design seems different then most blogs and I’m looking for something completely unique. P.S Sorry for being off-topic but I had to ask!|
If you are going for finest contents like I do, just pay a visit this site daily since it gives quality contents, thanks
Also visit my page; สล็อตเครดิตฟรี 50 บาท แค่สมัคร
This article will help the internet viewers for building up new weblog or even a blog
from start to end.
I appreciate, cause I found exactly what I was looking for. You’ve ended my four day long hunt! God Bless you man. Have a great day. Bye
hello!,I love your writing very much! proportion we keep in touch extra approximately your post on AOL? I require an expert on this area to solve my problem. Maybe that’s you! Looking ahead to look you.
I do not even know how I ended up here, but I thought this post was great.
I do not know who you are but certainly you’re going to a famous blogger if
you aren’t already 😉 Cheers!
I’m not that much of a online reader to be honest but your blogs
really nice, keep it up! I’ll go ahead and bookmark
your website to come back down the road. Many thanks
This post is invaluable. Where can I find out more?
I was suggested this website by my cousin. I’m not sure whether this post is written by him as
nobody else know such detailed about my difficulty. You are amazing!
Thanks!
What’s up friends, how is everything, and what you wish for to say regarding
this post, in my view its really amazing in favor of me.
Awesome website you have here but I was curious about
if you knew of any community forums that cover the same topics discussed in this article?
I’d really love to be a part of online community where I can get feedback from other knowledgeable people that share
the same interest. If you have any recommendations, please let me know.
Kudos!
I loved as much as you will receive carried out right here.
The sketch is attractive, your authored subject matter stylish.
nonetheless, you command get got an nervousness over that you
wish be delivering the following. unwell unquestionably come more formerly again since exactly the same nearly very often inside case you shield this hike.
Hello there, just became alert to your blog through Google, and found that it is really
informative. I’m gonna watch out for brussels. I
will appreciate if you continue this in future. A lot
of people will be benefited from your writing. Cheers!
Wow! After all I got a weblog from where I be
able to really get helpful data concerning my study and knowledge.
This is very interesting, You’re a very skilled blogger.
I’ve joined your rss feed and look forward to seeking more of
your excellent post. Also, I have shared your web site in my social networks!
obviously like your web-site but you need to take a look at the spelling on quite a few of your
posts. Several of them are rife with spelling problems and I find it very troublesome to inform the truth however I’ll certainly come back
again.
Truly no matter if someone doesn’t know afterward its up to other viewers that they will help,
so here it takes place.
Hi would you mind letting me know which webhost you’re working with?
I’ve loaded your blog in 3 completely different browsers and I must say
this blog loads a lot quicker then most. Can you suggest a good hosting provider at a reasonable
price? Thanks, I appreciate it!
Right here is the right blog for anyone who really wants to find out about this topic. You understand so much its almost tough to argue with you (not that I really would want to…HaHa). You definitely put a new spin on a topic that’s been discussed for many years. Wonderful stuff, just excellent!
This post will help the internet visitors for building up new webpage or even a blog from start to
end.
Aw, this was a really nice post. In thought I would like to put in writing like this moreover – taking time and precise effort to make a very good article… but what can I say… I procrastinate alot and under no circumstances appear to get one thing done.
Along with every thing which appears to be developing throughout this particular area, many of your viewpoints are relatively refreshing. Nonetheless, I appologize, but I do not subscribe to your entire theory, all be it exhilarating none the less. It looks to everyone that your comments are generally not entirely rationalized and in actuality you are your self not thoroughly confident of your assertion. In any case I did enjoy looking at it.
I’ve been absent for a while, but now I remember why I used to love this website. Thanks , I’ll try and check back more often. How frequently you update your web site?
You made some really good points there. I looked on the internet for more information about the issue and found most individuals will go along with your views on this web site.
Great info. Lucky me I recently found your website by accident (stumbleupon). I’ve book-marked it for later!
We will teach you how to earn $ 7000 per hour.
Why? We will profit from your profit.https://go.binaryoption.ae/FmUKhe
I am really impressed together with your writing skills and also with the
format in your weblog. Is that this a paid theme or did you modify
it yourself? Anyway keep up the excellent high quality writing, it is uncommon to peer a nice
weblog like this one these days..
Hello! I could have sworn I’ve been to this blog before but after looking at many of the articles I realized it’s new to me.
Anyways, I’m certainly pleased I came across it and I’ll be book-marking it
and checking back often!
joker388 2022
Seguridad en una SAN Brocade I – Políticas SCC, DCC y AUTH | Almacenamiento Abierto
Way cool! Some very valid points! I appreciate you writing this post plus the rest of the site is very good.
Right now it sounds like BlogEngine is the best blogging platform available right now. (from what I’ve read) Is that what you are using on your blog?
An outstanding share! I’ve just forwarded this onto a colleague who had been conducting a little research on this. And he in fact ordered me lunch due to the fact that I found it for him… lol. So let me reword this…. Thanks for the meal!! But yeah, thanx for spending time to discuss this subject here on your website.
Excellent weblog right here! Additionally your site quite a bit up very fast! What host are you using? Can I am getting your associate link to your host? I want my web site loaded up as quickly as yours lol
An outstanding share! I’ve just forwarded this onto a co-worker who had been doing a little homework on this. And he actually bought me lunch because I found it for him… lol. So let me reword this…. Thanks for the meal!! But yeah, thanks for spending the time to discuss this topic here on your web page.
Great blog here! Also your web site so much up fast!
What web host are you using? Can I am getting
your affiliate hyperlink to your host? I
want my site loaded up as fast as yours lol
Terrific job here. I genuinely enjoyed what you had to say. Keep heading because you unquestionably bring a new voice to this subject. Not many people would say what youve said and still make it interesting. Properly, at least Im interested. Cant wait to see additional of this from you.
Attractive component of content. I just stumbled upon your web site
and in accession capital to claim that I get actually enjoyed account your weblog posts.
Anyway I’ll be subscribing in your feeds and even I
fulfillment you get admission to persistently quickly.
A fascinating discussion is worth comment. I think that you ought to publish more on this subject matter, it may not be a taboo matter but typically people don’t talk about these subjects. To the next! Many thanks!!
Amazing! This blog looks just like my old one! It’s on a entirely different subject but it has pretty much the same page layout and design. Excellent choice of colors!
Excellent article. Keep writing such kind of information on your page.
Im really impressed by it.
Hello there, You have done a great job. I’ll definitely
digg it and individually recommend to my friends. I am confident they’ll be benefited from this site.
Someone necessarily lend a hand to make seriously
posts I would state. This is the very first time I frequented your web page and to this point?
I surprised with the analysis you made to
create this actual post incredible. Fantastic process!
Get access to over 1.2 million unique blog articles at affordable rates. Buy ready-made blog articles from only $1!
Learn more –> http://articlemarket.co/special
It’s a pity you don’t have a donate button! I’d most certainly donate to this brilliant blog!
I guess for now i’ll settle for bookmarking and adding your RSS
feed to my Google account. I look forward to brand new updates and will talk about this
site with my Facebook group. Chat soon!
I really like your blog.. very nice colors & theme. Did you make this website
yourself or did you hire someone to do it for you?
Plz respond as I’m looking to construct my own blog and would like to know
where u got this from. many thanks