HP StorageWorks 4000/6000/8000 .HP StorageWorks SAN Design Reference Guide, Pa - Page 406
Storage security best practices, Security validation
Page 406 highlights
• Data encryption: Invokes mechanisms that act in response to characteristics of the data, not in response to a threat.
• Data separation: Provides separate paths for data or processing. The level of security for data separation depends on the trust level associated with the system. Data separation ensures confidentiality by preventing data from reaching unauthorized users.
• Traffic separation: Adds meaningless random information and hides network-layer addresses. Traffic separation ensures confidentiality by making it difficult to determine data characteristics, such as frequency and traffic-flow destinations.

Data integrity

Data integrity prevents unauthorized modification or destruction of data and ensures nonrepudiation and authenticity. Recording all changes to data enables the detection and notification of unauthorized modifications. Data integrity has two types of data:
• Single-unit data: Applied to a single piece of data
• Data stream: Applied to all PDUs

Data availability

Data availability ensures reliable access to data and information services for authorized users in the SAN. You must protect your data from attacks, unauthorized use, and routine failures.

Nonrepudiation

Nonrepudiation ensures that all parties in a transaction are authenticated and verifies that they participated in the transaction. Storage technologies are tied closely with data and are often the last line of defense against attacks.

Security validation

Security validation establishes a secure audit trail across your organization. The audit trail serves as proof of compliance for internal and external audits with real-time alerts. Validation is accomplished using encryption, key management, and identity management, which creates an integrated compliance solution across the organization. To ensure compliance, every process you use must be repeatable, have demonstrated control points (with documented responsible personnel), and include a tamper-proof audit tracking system.
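
The change recording and audit tracking described above can be illustrated with a hash-chained audit trail, in which any edited, removed or missing record is detectable. This is an added example, not part of the HP guide; the record fields, function names, sample entries and key are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used as the "previous MAC" of the first record


def _mac(key: bytes, prev: str, body: dict) -> str:
    # Canonical JSON so the same record always produces the same MAC.
    msg = prev.encode() + json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def append(log: list, key: bytes, control_point: str, owner: str, change: str) -> None:
    """Append a change record whose MAC also covers the previous record's MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    body = {"seq": len(log), "control_point": control_point,
            "owner": owner, "change": change}
    log.append({**body, "mac": _mac(key, prev, body)})


def verify(log: list, key: bytes, expected_len=None):
    """Return the index of the first bad record, or None if the trail is intact."""
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "mac"}
        ok = hmac.compare_digest(rec.get("mac", ""), _mac(key, prev, body))
        if body.get("seq") != i or not ok:
            return i
        prev = rec["mac"]
    # Cutting records off the tail leaves a valid chain, so the record
    # count has to be compared with a value stored somewhere else.
    if expected_len is not None and len(log) != expected_len:
        return len(log)
    return None


# Constructed sample trail: control point, responsible person, change made.
KEY = b"constructed-demo-key"
trail = []
append(trail, KEY, "zoning-change", "san-admin-1", "add host WWN to zone A")
append(trail, KEY, "lun-masking", "san-admin-2", "present LUN 12 to host db01")
append(trail, KEY, "key-rotation", "sec-officer-1", "rotate array encryption key")

if __name__ == "__main__":
    print("first bad record:", verify(trail, KEY, expected_len=3))
```

The MAC key and the expected record count must be held outside the system being audited; otherwise anyone able to rewrite the log can also re-chain it.
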
Storage security best practices

To simplify storage security, the SNIA SSIF has developed the following security elements:
• Storage system security: Secures embedded operating systems and applications. Integrates with IT and security infrastructure, such as external authentication services, centralized logging, and firewalls.
• SRM: Securely provisions, monitors, tunes, reallocates, and controls storage resources to ensure storage and retrieval of data.
• Data in-flight: Protects the confidentiality, integrity, and availability of data as it is transferred across the SAN, LAN, or WAN. This may also include traffic management.
• Data at-rest: Protects the confidentiality, integrity, and availability of data stored on servers, storage arrays, NAS appliances, tape libraries, and other media. The measures required depend on the type of risk you are managing.