HP StorageWorks 4000/6000/8000 .HP StorageWorks SAN Design Reference Guide, Pa - Page 401

18 Storage security This chapter describes storage security best practices. It describes the following topics: • Storage security threats, page 401 • Storage security compliance, page 402 • Security technologies, page 402 • HP security strategy, page 404 • Storage security best practices, page 406 • Assessing security risks, page 407 • HP storage security solutions, page 407 Storage security threats Securing SAN environments has become an increasingly important aspect of data security. IT organizations face many security threats and must comply with numerous industry and government regulations. In the past, IT organizations accepted that authentication issues were handled by the network architecture; they were not responsible for SAN security. The NSA IATF defines five security attack classes that you should consider when defining your solution (Table 193). Table 193 Security attack classes Attack class Passive Description Attacks that can disclose information to an attacker. Passive attacks include: • Analyzing traffic • Monitoring unprotected communications • Decrypting weakly encrypted traffic • Capturing authentication information (passwords) An example of a passive attack is the disclosure of information such as credit card numbers and passwords. Active Attacks that can disclose information, deny service, or modify data. Active attacks include: • Attempting to circumvent or break protection features • Introducing malicious code • Stealing or modifying information • Attacking a network backbone • Exploiting in-transit information • Penetrating an enclave • Attacking when a remote user attempts to connect to an enclave SAN Design Reference Guide 401