En la administración de una red de fibra para almacenamiento más que medidas de seguridad de caracter preventivo son una práctica habitual el zoneado del switch ( o fabric) y el enmascaramiento de lunes (lun masking) desde la cabina en la provisión rutinaria de almacenamiento. Adiccionalmente, se puede añadir niveles de seguridad en la SAN con funcionalidades que proporcionan los fabricantes de switches de fibra. Ejemplos para tecnología Brocade son las políticas de control de las conexiones entre switches ( Switch Connection Control – SCC) y de control de dispositivos ( Device Connection Control – DCC). Lo que nos permiten hacer estas los políticas es restringir que switches y dispositivos se conectarán a la fabric.
SCC – Proteje las conexiónes inesperadas entre switches, se trata de verificar cada vez que se intenta realizar una conexión entre switches (ISL) contra un listado de switches definido por la política.
DCC – Proteje la conexiónes inesperadas entre dispositivos (HBAs de servidores, librerías, drives, VTLs, cabinas) con switches, se trata de verificar cada vez que se intenta realizar una conexión de un dispositivo de fibre contra un listado de dispositivos definido por la política.
La aplicación de estas políticas pueden considerarse interesante en muchos casos, por ejemplo, si el parcheo de fibra y sus cambios es ajeno al personal de administración de la SAN, si se quiere minimizar el fallo humano, o evitar un intento de acceso no deseado de un equipo o un analizador de tráfico, …
La SAN, al estar aislada sin acceso externo por otras redes es considerada segura, no necesitando medidas de protección especiales en apariencia. Pero si alguien consigue la contraseña de administración de alguno de los servidores conectado a la SAN, puede introducir driver de la HBAs modificados (o ni eso) para una práctica de hack que es "wwn spoofing", es decir, modificar la HBA de un servidor con el wwn de otra que le permita tener acceso al recurso de almacenamiento … y a sus datos. Recordemos que el sentido del hackering puede ser robar, corromper o destrozar el núcleo de información de la compañía. y … ¿ ésto lo evitaría DCC ? Si, ya que es una aplicación de "port locking" ( o "port binding") que es la asociación de un puerto a un wwn.
Para añadir un nivel mayor de seguridad se pueden usar protocolos de autenticación como DH-CHAP que pertenece a los protocolos FC-SP (Fibre Channel Security Protocols) definidos por la T11 y asegura mediante par de claves asociadas a wwn la negociación entre conexiones de forma segura. Aparte del "wwn spoofing" existen otras técnicas de hack en la fabric tales como "S_ID spoofing", " M-I-T-M attack" donde la aplicación de protocolos FC-SP son eficaces para evitar cualquier riesgo de intrusión.
Para la tecnología Brocade está la política AUTH que implementa la autenticación entre switches y dispositivos a través de DH-CHAP / FCAP.
¿ Es vuestra SAN segura ? y … ¿ estás preparado para una intrusión?
Right here is the right web site for anyone who hopes to understand this topic. You understand a whole lot its almost hard to argue with you (not that I actually will need to…HaHa). You certainly put a new spin on a topic which has been written about for ages. Wonderful stuff, just great!
I was excited to find this great site. I want to to thank you for your time for this particularly wonderful read!!
I definitely savored every bit of it and I have you book marked to
check out new stuff in your web site.
I love reading an article that can make men and women think. Also, thank you for allowing for me to comment!
Hurrah! Finally I got a weblog from where I can really obtain valuable
information regarding my study and knowledge.
After I originally left a comment I seem to have clicked on the -Notify me when new comments are added- checkbox and now whenever a comment is added I recieve 4 emails with the same comment. Is there an easy method you can remove me from that service? Thank you!
Hi all, here every person is sharing these experience, thus it’s fastidious to read this weblog, and I used to visit this web site daily.|
Hi there, I enjoy reading through your article.
I like to write a little comment to support you.
I’m still learning from you, but I’m improving myself. I absolutely liked reading all that is written on your blog.Keep the stories coming. I loved it!
Spot on with this write-up, I seriously feel this site needs much
more attention. I’ll probably be returning to see more,
thanks for the information!
The next time I read a blog, Hopefully it won’t fail me as much as this particular one. After all, Yes, it was my choice to read, but I genuinely thought you’d have something helpful to say. All I hear is a bunch of complaining about something that you could fix if you were not too busy seeking attention.
I have fun with, lead to I discovered exactly what I used to be taking a look for.
You have ended my four day lengthy hunt!
God Bless you man. Have a great day. Bye
Howdy! Would you mind if I share your blog with my
myspace group? There’s a lot of people that I think would really appreciate your content.
Please let me know. Cheers
Hello there! This blog post could not be written much better! Looking at this post reminds me of my previous roommate! He continually kept talking about this. I am going to forward this information to him. Fairly certain he will have a good read. I appreciate you for sharing!
Undeniably believe that which you stated. Your favorite justification appeared to be
on the internet the simplest thing to be aware of.
I say to you, I definitely get irked while people think about worries that they plainly don’t know about.
You managed to hit the nail upon the top and defined out the whole thing
without having side-effects , people could take a signal.
Will likely be back to get more. Thanks
binary option
Seguridad en una SAN Brocade I – Políticas SCC, DCC y AUTH | Almacenamiento Abierto
It’s nearly impossible to find well-informed people in this particular subject, but you seem like you know what you’re talking about! Thanks
crypto
Seguridad en una SAN Brocade I – Políticas SCC, DCC y AUTH | Almacenamiento Abierto
Nice post. I was checking constantly this blog and I am impressed!
Very useful info specifically the last part 🙂 I care for such information a lot.
I was looking for this certain info for a long
time. Thank you and best of luck.
Great blog right here! Additionally your web site lots up very fast! What host are you the use of? Can I get your affiliate hyperlink in your host? I wish my website loaded up as quickly as yours lol|
I couldnít refrain from commenting. Well written!
Very interesting points. Thanks!
Oh my goodness! Awesome article dude! Thanks, However I am having issues with your RSS. I don’t understand why I cannot join it. Is there anybody else getting similar RSS problems? Anyone that knows the solution can you kindly respond? Thanks!!
Its like you read my mind! You seem to know a lot about this, like you wrote the book in it or something. I think that you can do with a few pics to drive the message home a little bit, but other than that, this is great blog. A fantastic read. I will definitely be back.
Hello, i think that i saw you visited my blog thus i came
to “return the favor”.I’m trying to find things to enhance my site!I suppose
its ok to use a few of your ideas!!
My partner and I stumbled over here by a different web address and thought
I might check things out. I like what I see so now i’m following you.
Look forward to looking over your web page again.
I used to be able to find good info from your articles.|
This is a topic that is close to my heart… Best wishes! Exactly where are your contact details though?
I’ve read some good stuff here. Certainly worth bookmarking for revisiting. I wonder how much effort you put to make such a fantastic informative website.
A lot of of what you state is supprisingly precise and that makes me wonder the reason why I hadn’t looked at this in this light before. This particular piece truly did switch the light on for me as far as this specific subject matter goes. However there is one particular position I am not necessarily too cozy with and while I make an effort to reconcile that with the central theme of the point, permit me see what the rest of the subscribers have to say.Nicely done.
Hi! Do you know if they make any plugins to protect against hackers? I’m kinda paranoid about losing everything I’ve worked hard on. Any recommendations?
Nice blog right here! Additionally your site a lot up very fast! What host are you the usage of? Can I get your associate link for your host? I want my web site loaded up as fast as yours lol
Great info. Lucky me I found your blog by accident (stumbleupon). I’ve bookmarked it for later!
This site was… how do I say it? Relevant!! Finally I have found something that helped me. Appreciate it!
I could not refrain from commenting. Perfectly written!
Hi everyone, it’s my first visit at this website,
and article is in fact fruitful in favor of me,
keep up posting such articles.
Hey I know this is off topic but I was wondering if you knew of any widgets I could add to my blog that automatically tweet my newest twitter updates. I’ve been looking for a plug-in like this for quite some time and was hoping maybe you would have some experience with something like this. Please let me know if you run into anything. I truly enjoy reading your blog and I look forward to your new updates.|
I was extremely pleased to find this website. I need to to thank you for ones time for this wonderful read!! I definitely enjoyed every little bit of it and I have you book-marked to look at new stuff in your site.
Its like you read my mind! You seem to know a lot about this, like you wrote the book in it or something.
I think that you could do with a few pics to drive the message home a little bit, but instead of that, this is great blog.
An excellent read. I will certainly be back.
This is the right site for anyone who wants to understand this topic. You realize a whole lot its almost tough to argue with you (not that I actually would want to…HaHa). You definitely put a brand new spin on a topic that has been discussed for a long time. Wonderful stuff, just excellent!
Attractive section of content. I just stumbled upon your website and
in accession capital to assert that I get actually enjoyed account
your blog posts. Anyway I will be subscribing to your feeds
and even I achievement you access consistently rapidly.
It is appropriate time to make a few plans for the long run and it’s time to be happy. I’ve read this submit and if I could I wish to recommend you few interesting issues or advice. Perhaps you can write subsequent articles relating to this article. I desire to read more things about it!
Oh my goodness! Incredible article dude! Thank you so much, However I am encountering difficulties with your RSS. I don’t know why I can’t subscribe to it. Is there anybody getting similar RSS issues? Anyone that knows the solution will you kindly respond? Thanx!!
Howdy! This post couldn’t be written much better! Going through this article reminds me of my previous roommate! He always kept preaching about this. I am going to forward this information to him. Fairly certain he’s going to have a great read. Thanks for sharing!
Attractive section of content. I just stumbled upon your website and in accession capital to assert that I get in fact enjoyed account your blog posts. Any way I’ll be subscribing to your augment and even I achievement you access consistently rapidly.
Hi there i am kavin, its my first occasion to commenting anywhere,
when i read this piece of writing i thought i could also make
comment due to this sensible piece of writing.
naturally like your web site but you have to test the spelling on quite a few of your posts.
A number of them are rife with spelling problems and I to
find it very troublesome to tell the truth then again I will certainly
come again again.
What’s Happening i am new to this, I stumbled upon this I have found It positively helpful and it has helped me out loads. I hope to contribute & assist other users like its helped me. Good job.
Thanks for every other informative web site. The place else may I get that type of information written in such an ideal manner? I’ve a undertaking that I’m just now operating on, and I have been at the look out for such info.
Aw, this was an exceptionally good post. Finding the time and actual effort to produce a very good article… but what can I say… I hesitate a lot and never seem to get nearly anything done.
Way cool! Some very valid points! I appreciate you penning this article and also the rest of the site is also very good.