HP StorageWorks 4000/6000/8000 .HP StorageWorks SAN Design Reference Guide, Pa - Page 402

Storage security compliance, Security technologies, Description, Attack class



Attack class / Description

Close-in
Attacks by an unauthorized user who is in close physical proximity to networks, systems, or facilities. The user may attempt to gather or modify information, or deny authorized users access to information.

Insider
Unauthorized attacks by an authorized user can be malicious or nonmalicious.
Malicious attackers can:
• Eavesdrop
• Steal or damage data
• Use data for fraudulent purposes
• Deny authorized users access
Nonmalicious attacks can result from:
• Carelessness
• Lack of knowledge
• Circumventing security for nonmalicious purposes to perform tasks

Distribution
Attacks due to modifications to hardware or software made at the factory or during distribution. Distribution attacks can insert malicious code in a product, which can allow future unauthorized access to the system.

Storage security compliance
Compliance ensures that a storage system meets specific criteria established by law or regulation.
Retention of electronic records is mandated by statutory and regulatory law.
Data security regulations are enacted by international governments and U.S. federal and state
governments. All storage systems must comply with local regulations.
Table 194 lists some of the U.S. and international security regulations.

Table 194 U.S. and international security regulations

U.S. federal and state regulations
• Sarbanes-Oxley (SOX) Act of 2002
• Gramm-Leach-Bliley Act (GLBA) of 1999
• Securities and Exchange Commission Act (SEC) rules 17a-3 and 17a-4
• Department of Energy (DOE) 10 CFR 600.153 Retention and access requirements for records
• California Data Security Act (SB 1386/AB 1950)
• New York Regulation 173 Standards for safeguarding customer information

International regulations
• European Union Data Protection Directive of 1995
• Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
• Australia: Privacy Act 1988
• Japan: Personal Information Protection Act
• UK: Data Protection Act 1998
• New Zealand: Privacy Act 1993

Security technologies
This section describes security technologies for IP SAN, Fibre Channel SAN, and encryption.