HP StorageWorks 4000/6000/8000: HP StorageWorks SAN Design Reference Guide, Page 406



Data encryption
Invokes mechanisms that act in response to characteristics of the data, not in
response to a threat.
Data separation
Provides separate paths for data or processing. The level of security for data
separation depends on the trust level associated with the system. Data separation ensures
confidentiality by preventing data from reaching unauthorized users.
Traffic separation
Adds meaningless random information and hides network-layer addresses.
Traffic separation ensures confidentiality by making it difficult to determine data characteristics,
such as frequency and traffic-flow destinations.
Data integrity
Data integrity prevents unauthorized modification or destruction of data and ensures nonrepudiation
and authenticity. Recording all changes to data enables the detection and notification of unauthorized
modifications.
Data integrity is applied to two types of data:
Single-unit data
Applied to a single piece of data
Data stream
Applied to all PDUs
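The single-unit versus data-stream distinction above is easiest to see in code. The following Python is an added example, not part of the HP guide or of any HP product: it tags one PDU with an HMAC (single-unit integrity) and then binds each PDU in a stream to its sequence number so that reordering, replay and dropped PDUs are detected as well. The key, the sample PDU contents and the StreamReceiver policy are constructed assumptions for the demonstration.

```python
import hashlib
import hmac
import struct

# Assumption: a shared secret between the initiator and the storage target.
# Constructed for this example; never hard-code a real key.
KEY = b"constructed-demo-key-0123456789"


def unit_tag(key: bytes, data: bytes) -> bytes:
    """Single-unit integrity: a keyed tag over one piece of data and nothing else."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_unit(key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(unit_tag(key, data), tag)


def stream_tag(key: bytes, seq: int, data: bytes) -> bytes:
    """Stream integrity: the tag also covers the PDU's position in the stream,
    so a valid PDU cannot be replayed or moved to another position."""
    return hmac.new(key, struct.pack(">Q", seq) + data, hashlib.sha256).digest()


class StreamReceiver:
    """Accepts PDUs strictly in order; returns a verdict string per PDU."""

    def __init__(self, key: bytes):
        self.key = key
        self.expected = 0

    def accept(self, seq: int, data: bytes, tag: bytes) -> str:
        if not hmac.compare_digest(stream_tag(self.key, seq, data), tag):
            return "forged"      # contents or sequence number were altered
        if seq < self.expected:
            return "replayed"    # this position was already consumed
        if seq > self.expected:
            return "gap"         # a PDU was dropped or delivered out of order
        self.expected += 1
        return "ok"


def demo() -> dict:
    # Constructed sample: two writes to the same block, so their order matters.
    pdus = [b"WRITE lba=100 data=AAAA", b"WRITE lba=100 data=BBBB"]
    unit_tags = [unit_tag(KEY, p) for p in pdus]
    stream_tags = [stream_tag(KEY, i, p) for i, p in enumerate(pdus)]

    # 1. A flipped bit inside a PDU: the per-unit tag catches it.
    flipped = bytearray(pdus[0])
    flipped[-1] ^= 0x01
    tampered_caught = not verify_unit(KEY, bytes(flipped), unit_tags[0])

    # 2. The two PDUs swapped in transit: per-unit tags still verify because
    #    each PDU is unmodified, yet the last write now lands the wrong data.
    #    The stream receiver rejects the first PDU as out of order.
    swapped = [1, 0]
    swap_passes_unit = all(verify_unit(KEY, pdus[i], unit_tags[i]) for i in swapped)
    rx = StreamReceiver(KEY)
    swap_verdicts = [rx.accept(i, pdus[i], stream_tags[i]) for i in swapped]

    # 3. In-order delivery, then a replay of PDU 0 and a PDU with a bogus tag.
    rx = StreamReceiver(KEY)
    in_order = [rx.accept(i, pdus[i], stream_tags[i]) for i in range(len(pdus))]
    replay_verdict = rx.accept(0, pdus[0], stream_tags[0])
    forged_verdict = rx.accept(2, b"WRITE lba=100 data=CCCC", bytes(32))

    return {
        "tampered_caught": tampered_caught,
        "swap_passes_unit": swap_passes_unit,
        "swap_verdicts": swap_verdicts,
        "in_order": in_order,
        "replay_verdict": replay_verdict,
        "forged_verdict": forged_verdict,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the swapped-write case is that a per-unit tag proves only that a PDU is unmodified, not that it belongs where it arrived; stream integrity needs the sequence number inside the authenticated data, and the receiver must refuse to advance on a gap rather than silently accept whatever comes next.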
Data availability
Data availability ensures reliable access to data and information services for authorized users in the
SAN. You must protect your data from attacks, unauthorized use, and routine failures.
Nonrepudiation
Nonrepudiation ensures that all parties in a transaction are authenticated and verifies that they
participated in the transaction. Storage technologies are tied closely with data and are often the last
line of defense against attacks.
Security validation
Security validation establishes a secure audit trail across your organization. The audit trail serves as
proof of compliance for internal and external audits and supports real-time alerting. Validation combines
encryption, key management, and identity management into an integrated compliance solution across the
organization.
To ensure compliance, every process you use must be repeatable, have demonstrated control points
(with documented responsible personnel), and include a tamper-proof audit tracking system.
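A tamper-proof audit tracking system of the kind this paragraph calls for is usually built as a hash chain: each record carries a MAC over its own content and the MAC of the previous record, so modifying, deleting or reordering any record breaks every later link. The Python below is an added example and not code from the HP guide; the audit key, the constructed event records and the verify_chain helper are assumptions. It also shows the one attack a chain alone cannot catch, silently dropping the newest records, which is why the current head must be reported to an external witness (the real-time alert path).

```python
import copy
import hashlib
import hmac
import json
from typing import Optional

# Assumption: the audit key is held by the audit function, not by the storage
# administrators whose actions the log records. Constructed for this example.
AUDIT_KEY = b"constructed-audit-key-do-not-reuse"
GENESIS = bytes(32)


def _entry_body(seq: int, event: dict, prev: bytes) -> bytes:
    # Canonical encoding so the verifier recomputes exactly what was tagged.
    return json.dumps({"seq": seq, "event": event, "prev": prev.hex()},
                      sort_keys=True, separators=(",", ":")).encode()


class AuditLog:
    """Append-only log: each record's MAC covers its content and the previous MAC."""

    def __init__(self, key: bytes):
        self.key = key
        self.entries = []
        self.head = GENESIS

    def append(self, event: dict) -> dict:
        seq = len(self.entries)
        mac = hmac.new(self.key, _entry_body(seq, event, self.head), hashlib.sha256).digest()
        entry = {"seq": seq, "event": event, "prev": self.head.hex(), "mac": mac.hex()}
        self.entries.append(entry)
        self.head = mac
        return entry


def verify_chain(key: bytes, entries: list, anchor: Optional[bytes] = None) -> tuple:
    """Walk the chain from genesis. `anchor` is the head value last reported to
    an external witness; without it, silent truncation is undetectable."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["seq"] != i:
            return (False, f"sequence gap at {i}")
        if bytes.fromhex(e["prev"]) != prev:
            return (False, f"broken link at {i}")
        expected = hmac.new(key, _entry_body(e["seq"], e["event"], prev), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, bytes.fromhex(e["mac"])):
            return (False, f"modified entry {i}")
        prev = expected
    if anchor is not None and prev != anchor:
        return (False, "truncated log")
    return (True, "intact")


# Constructed events standing in for what a storage array's audit path records.
EVENTS = [
    {"actor": "storadmin", "action": "zone.add", "target": "zone:host-a"},
    {"actor": "storadmin", "action": "lun.map", "target": "lun:7"},
    {"actor": "backup-svc", "action": "key.rotate", "target": "tape-pool-A"},
]


def demo() -> dict:
    log = AuditLog(AUDIT_KEY)
    for ev in EVENTS:
        log.append(ev)
    anchor = log.head                      # value that would go to the witness

    edited = copy.deepcopy(log.entries)    # insider rewrites who mapped the LUN
    edited[1]["event"]["actor"] = "nobody"

    deleted = copy.deepcopy(log.entries)   # insider removes the LUN-map record
    del deleted[1]

    truncated = log.entries[:-1]           # insider drops the newest record

    return {
        "intact": verify_chain(AUDIT_KEY, log.entries, anchor),
        "edited": verify_chain(AUDIT_KEY, edited, anchor),
        "deleted": verify_chain(AUDIT_KEY, deleted, anchor),
        "truncated_unanchored": verify_chain(AUDIT_KEY, truncated),
        "truncated_anchored": verify_chain(AUDIT_KEY, truncated, anchor),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Two design points matter for the "demonstrated control points" requirement: the MAC key must not be available to the people whose actions are logged, or they can rebuild the chain after editing it; and the head value must leave the system at append time (to a separate log collector or SIEM), because a verifier holding only the log file accepts a truncated chain as intact.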
Storage security best practices
To simplify storage security, the SNIA SSIF has developed the following security elements:
Storage system security
Secures embedded operating systems and applications. Integrates with
IT and security infrastructure, such as external authentication services, centralized logging, and
firewalls.
SRM (storage resource management)
Securely provisions, monitors, tunes, reallocates, and controls storage resources to ensure
storage and retrieval of data.
Data in-flight
Protects the confidentiality, integrity, and availability of data as it is transferred
across the SAN, LAN, or WAN. This may also include traffic management.
Data at-rest
Protects the confidentiality, integrity, and availability of data stored on servers,
storage arrays, NAS appliances, tape libraries, and other media. The measures required depend
on the type of risk you are managing.