Excerpts

Preface Storage security is the two-ton secret in your data center. It is the big white elephant that you walk by every day--you can see it from your desktop, you look for it on your servers, and you even rest your coffee mug on it every now and then. Despite the fact that the elephant is very large, heavy (two tons), albino (white), and sitting in the middle of the data center, it is the dirty little secret that no one speaks about. So why do people ignore such a large entity that can significantly damage their enterprise? The answers, as well as the solutions, are addressed in this book. The storage industry is missing the mark in terms of security, data protection, availability, integrity, and compliance. The absence of security in storage makes it an open target for unauthorized access and data compromise. The most prominent security control for storage networks is the lack of knowledge many attackers have about the technology. Lack of knowledge, or better known as security by obscurity, never stands the test of time as shown in other technologies affected by security, such as application development, voice over IP, wireless, and even electronic voting stations. Furthermore, security by obscurity never passes a governmental compliance test for data protection or integrity. The book's primary goal is to discuss security weaknesses and acceptable solutions for Storage Area Networks (SANs) and Network Attached Storage (NAS). The book will discuss the mechanisms to evaluate your own storage network, design security into storage networks, and implement security settings on common storage devices. The book will also cover the standard practices for securing storage by discussing strategies that will minimize security weaknesses in SAN and NAS architectures. Before we dive deeper, let's define storage security for a moment. Security is an entity that can be applied to different things, such hosts, devices, networks, and communication mediums. Security can also be applied in several methods, such as encryption, access controls, authentication, checksums, logging, or dedicated products. Similarly, storage is an entity that is also applied in many ways. It can be applied as media (tapes, CD-ROMs, disk drives, USB drives), a communications medium (Internet Protocol, Fibre Channel, iSCSI), or even a network (Network Attached Storage or Storage Area Networks). Based on their different descriptions, security and storage traditionally are two items that are not usually paired together. Storage concentrates on holding data, while security concentrates on protecting data. Nevertheless, it is interesting that both entities address data needs and concerns, yet have not been addressed in a complementary fashion. There are several reasons why security and storage are two strangers. One incorrect assumption is that storage does not need security because it already has been addressed elsewhere in a network, which unfortunately is not true. It is often unnoticed that it is easier for internal attackers to compromise storage devices when compared to applications or operating systems. For example, unlike most applications and operating systems, many storage devices do not even require authentication to get access to large volumes of data, a fact that would never pass on most security audits. Furthermore, if an internal server has ever been affect by a virus or worm, the perimeter of the network is probably not as secure as a Visio document may picture it to look. The fact is the network perimeter has disappeared with the advent of wireless networks, remote VPN users, site-to-site VPNs with business partners, back-end support connections, and internal unauthorized users such as contractors/consultants. This fact, combined with the large amount of internal data heists occurring every month, make storage a prime target of attackers. Compliance entities have also realized that data is not protected adequately and its integrity is at risk on the storage network. It is often overlooked that perimeter security controls are easily subverted to gain access to entities connected to the storage network, thus creating an open gateway. It is also assumed that unauthorized users attack from their own machines, but actually they attack from compromised management servers, administrator workstations, or compromised applications. Another assumption is that if any entity, such as an application data owner, can gain access to the stored data, they must have been authorized to do so; thus, having the ability to access data equates into the authorization to access data, again simply not true (especially for regulated data). For example, if an Exchange administrator has access to the Exchange server, it does not mean that he or she is authorized to read everyone's email. Furthermore, the ability for unauthenticated users to connect directly to the storage network and view, copy, and delete data does not mean all users should have that authority. The assumptions also carry over to different organizational groups. Security groups are often preoccupied with network and application attacks to fully understand the high risks of insecure storage. Additionally, the storage group's lack of information security background combined with their focus on performance and capacity concerns make security a neglected entity. All these assumptions and groups make it hard to realize that a large amount of data is sitting wide open in the storage network for anyone to compromise. What Does It Mean to Secure Storage? What does it mean to secure storage? For the purposes of this book, securing storage is the process of assessing, implementing, and testing security on existing SAN and NAS architectures. The book will focus on the following items: How do I assess my storage network for best practices? How do I test my storage network from attacks and compliance breaches? How do I implement security on my storage network based on industry standards? The book will cover three primary themes. The first theme is to provide guidance and assessment techniques for storage networks. The second theme is to provide testing procedures for SAN and NAS architectures. The third theme of this book will discuss the security solutions for each attack class and security exposure currently presented on storage networks and devices. The book will discuss many security specifications and industry standards and how they affect storage security overall. SAN and NAS Security Storage Area Networks (SANs) and Network Attached Storage (NAS) are two types of storage networks. SANs have been based primarily on Fibre Channel (FC), with iSCSI becoming more popular, and NAS architectures have primarily been based on IP using CIFS or NFS. Both types of storage networks have one thing in common: SANs and NAS are not used for backup anymore. Data from the storage network is being presented to applications and hosts in all parts of the network, which do not hold a high level of security. For example, a Fibre Channel SAN may be connected to a web or database cluster that is available to the Internet or internal network, allowing a single comprised web/database server to be the gateway to the SAN. If the SAN was using iSCSI, the storage device would be easier to break into. The attacker would only need to connect to the IP network and connect to the iSCSI storage device, bypassing the database application and web server all together. Furthermore, a NAS device might be holding medical data (patient information) that can be assessed by authorized doctors; however, it is also stored in clear-text, allowing any system administrator to access the sensitive data. The need for SAN and NAS security is long overdue. This book will describe the specific implementation steps to deploy SAN and NAS security options, while also discussing the different ways to fully optimize current storage architectures. This book can also be used by organizations that have deployed a storage network and are interested in learning more ways to secure it. Block Data Versus File Data In order to understand security threats for storage networks, it is important to understand the differences between file-level data and block-level data. NAS storage devices support file-level data, which is the traditional type of data we are accustomed to on PC systems. NAS devices using file-level data present file systems remotely over the network. An entire file system, a partial file system, or even a single individual file can be presented to a remote server over the network. File-level data using NFS and CIFS (SMB) are the traditional methods of deployment. SAN storage devices use block data, where an entire SCSI partition is presented over the network. Unlike file-level data, block data does not present individual files, folders, or even file systems, but the entire drive (block) itself (usually 50 to 100 gigabytes in size at a time). For example, think of file-level data as an access to the remote file system (partial or full); however, think of block-level data as an access to the entire hard drive (regardless of file system type) over the network. Block data is like having two or three more hard drives inside a server, but presented to the server over the network using iSCSI or Fibre Channel and not installed inside the machine using IDE or SCSI ribbons. The other difference between file-level data and block-level data is that file-level data (NAS devices) contain multi-system support and block data blocks usually do not. Multiple machines or users can access the same remote file system (NFS or CIFS) at the same time as long as it is formatted to the correct file system time (such as NTFS or FAT for Windows). On the other hand, block data is not necessarily meant to have multiple systems connected to a single block of data at the same time. (Note: Some Fibre Channel and iSCSI SANs do support multiple connections to the same block data, but it is not the default.) It would be difficult for a single hard drive to have two IDE or SCSI ribbons connected to two separate servers; similarly, block data does not usually have multiple servers connected to it at the same time. It is possible for multiple systems to connect to the same block data repository over iSCSI or Fibre Channel; however, it results in a denial-of-service problem because two separate servers are trying to mount the same block data. Until one of the servers stops sending requests for the block data, the other will not be able to access it either. The key idea to understand with either file or block data is that they are both data targets that contain large amounts of data viewable to any attacker or unauthorized user. File data is what most systems are accustomed to. Block data, however, is just as valuable to an attacker (if not more) since it contains large volumes of data but in block format, which is just as easy to mount and read as file-level data but requires different mounting and reading steps. The following table briefly summarizes the difference between block and file data. Block Data File Data SANs NASs Block format (hard drive) File format (file system) Usually one system per block Multiple systems per folder SCSI via iSCSI or Fibre Channel NFS or CIFS via IP New hard drives over the network New file systems over the network The top figure shows a mounted drive (Disk 1) for block data. The bottom figure shows a mounted file system (X:\) for file data. Why Storage Security? The necessity for storage security is similar to the need for security on any other entity of high value in your organization. For example, the popularity of patching utilities and anti-virus applications are not necessarily for their ability to provide security protection (even though that is an important benefit), but rather their ability to improve uptime and availability of computer systems, networks, and data integrity. Similarly, the unavailability of a storage network or the lack of integrity of data, which would leave an organization in a state of disarray, has a much bigger impact than an infected laptop or an offline application. A good example of this is the SASSER-RPC worm released in 2004 that targeted Microsoft operating systems. Although the worm was intended for Windows, many storage devices that support Windows protocols, such as CIFS and SMB, were also vulnerable, which essentially made the storage device unusable until a full system reboot and patch. The risk of data being unavailable, corrupted, abused, or even deleted will cause tremendous financial harm and storage downtime for many organizations. Furthermore, the regulatory issues that involve storage networks are confusing at best, requiring a resource to guide everyone through the process. This book's primary attraction is its ability to discuss, demonstrate, and prioritize the storage security issues that every organization faces. The book will not use high-level or abstract language and fail to provide any details, but rather provide an abundant amount of security details to allow readers to finally understand what the real issues are with storage security and how they can asses the risk for themselves. The book will also provide details to distinguish the high-risk/high-impact issues versus low-risk/nominal-impact issues. A key purpose for the book is to provide a clear understanding of the technology. Storage security is a relatively new industry and can be an overwhelming topic. Several years ago when I began researching storage and security, there were no storage security products, web sites, or whitepapers about storage security. There were only a few people willing to talk to me about the seriousness of storage security. Years later, there is not only an entire industry on securing storage, with large companies like Symantec and Veritas merging together, but with its new popularity, there is a lot more confusion. The need to secure storage is important on many levels. From a security perspective, many organizations (and their security departments), are not aware of the data protection issues surrounding storage. From the storage perspective, many storage administrators are unaware of the security issues that will affect system uptime and data availability. Another reason why storage security is needed is for the ease of comprehension. There are many sources that discuss attack classes in storage, but a few actually provide risk exposure descriptions. A key goal of this book is not to force arbitrary risk levels on your organizations, but to describe the threat vector and attack surface in detail and allow readers to deduce their own risk based on the outcomes of these possible attacks. Readers will find out that security attacks don't change, but get modified and improved (just like viruses and worms). History has shown that attack classes that affected networks in the 1990s will also affect applications in the 2000s. Similarly, the same attack classes, such as segmentation weakness, poor session maintenance, and poor authentication, have also affected storage networks. However, a successful attack on storage equates to data loss or outright compromise. The completion of this book will provide a very detailed guide of securing storage and understanding attacks. Regulations and Storage Regulatory issues facing storage have created significant legal issues for many financial, e-commerce, and medical organizations. New acts and policies such as the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley, Gramm-Leach Bliley Act (GLBA), SEC Rule 17a-4, DOD (Department of Defense) 5015, and California's SB1386 (Senate Bill 1386) are making a sizable impact on how the storage of data must be protected from unauthorized users, even if those unauthorized users are not hackers but internal employees. Furthermore, as internal audit groups and external IT auditors begin to understand that sensitive data is residing in the storage network/ devices (as opposed to servers or desktops), the focus will shift away from operating system security to storage networking security. Government regulations primarily focus on security controls and auditing practices. A key issue for many storage networks, devices, and protocols is their lack of any security controls to protect data at-rest or in-flight. Additionally, government regulations don't decipher the difference between controls against outside attackers versus malicious internal employees. The fact that data is easier to compromise on a storage filer versus an operating system only adds to the storage security problem. Regulations have highlighted an overlying issue of data protection. Data, whether it is financial data, non-public private information, or medical data, needs to be protected from unauthorized external and internal entities at all times. Government regulations have only helped raise the concerns that have existed since the first SAN or NAS network. Best-Practice Benefits Parts of certain chapters in this book are solely dedicated to best practices. Best practices are important in order to understand standard methods of secure deployment; however, they should not be used as inflexible guidelines. Implementation of security standards and practices will depend on the details and specifics of a storage network. Best practices can be best described as items that are a prerequisite in order to deploy an acceptable amount of security in any given entity. Some of the sample best practices to secure storage are as follows: High-level architecture (defense in depth) Multi-layer architecture Authentication with authorization Encryption Integrity Auditing Detailed implementation guidelines Node hardening Zoning LUN masking CT/CHAP authentication SSL and IPSec encryption At-rest (AES or SHA1) encryption Management access Who Should Read This Book This book targets individuals who are responsible for IT infrastructure. Examples of these individuals are IT managers, storage administrators, network designers, architects, and engineers who want to evaluate security in storage architectures. It will also serve the needs of security consultants, engineers, architects, managers, auditors, trainers, and technical marketing managers who want to update their backgrounds in storage security. The book is targeted toward readers who want to learn the common "how-tos" of securing storage. Readers requiring an essential reference guide can use the book as their primary resource. Generally speaking, this book is targeted for three types of individuals: Individuals who are interested in establishing or expanding their knowledge of securing storage Individuals who are interested in learning how to assess and audit their own storage networks Individuals who are looking for best practices or new strategies for storage security The book's audience will range from novice readers who are looking for the basics behind storage architectures, networking, and LANs, to moderately skilled administrators looking to gain information on Fibre Channel communication, iSCSI, and Internet Protocol. Readers will benefit from the book in several different ways. First, readers will be able to remove the confusion from securing storage. Readers will be able to qualify the risk of their storage network with a clear description of the security issues in storage. Readers will also learn the security principles for designing, testing, and evaluating storage networks. Several chapters have hands-on self-assessment steps for critical security threats and vulnerabilities. Additionally, best practices security measures are discussed in the context of data availability, integrity, and compliance requirements. Finally, readers will understand the security concerns for storage and be able to determine the impact of each issue. This book will provide readers with the data center's guide to analyzing, testing, and implement SAN and NAS security. This book will cover common "how-tos," provide the all-essential "reference steps," and provide recommendations for storage security best practices. The book is not necessarily meant to be read from start to finish, but instead can be a quick reference, where individual chapters are self supporting without knowledge of prior chapters. For example, if a reader needs to understand how to secure a brocade Fibre Channel switch, he can turn directly to Chapter 4, "SANs: Zone and Switch Security." The book can provide insight for the following types of individuals: Individuals interested in a practical method to secure SAN and NAS networks Individuals interested in assessing the security of their existing SAN and NAS networks Individuals interested in testing the security of their existing SAN and NAS networks Individuals interested in expanding their security knowledge on emerging storage technologies, such as encryption, authentication, and management Individuals interested in understanding how governmental regulations and compliance requirements affect storage How This Book Is Organized This book is organized into five parts consisting of fourteen chapters that include details on SAN security, NAS security, iSCSI security, storage defenses, polices, trends, and case studies. The first three parts discuss core issues with SAN and NAS security, attacks against SAN and NAS devices, and SAN and NAS security solutions. These chapters target some of the most important topics in securing storage, as well as testing procedures for each attack class. Chapter 1 begins with an overview of storage security, covering its basic premise, the problems encountered, typical uses, and future trends. Additionally, an overview of security and storage standards is discussed. Chapters 2 through 4 discuss SAN security risks, including weaknesses of Fibre Channel (FC) and adjoining devices, such as switches and host-bus adapters (HBAs). Additionally, these chapters discuss SAN attacks, self-assessment steps (which allow readers to perform checks against their storage architecture), and mitigating solutions. Chapters 5 and 7 are similar to Chapters 2 through 4, but focus on NAS architectures instead of SANs. Chapter 5 discusses the risks associated with NAS storage devices using IP protocols such as NFS and CIFS. Chapters 6 and 7 discuss CIFS and NFS security issues, attacks, self-assessment steps, and mitigating solutions for storage architectures. Chapter 8 discusses iSCSI security, including an overview of iSCSI communication, risks associated with iSCSI storage devices, and a discussion of the iSCSI attacks. Part Four of the book focuses on storage defenses. Chapter 9 is a discussion on securing Fibre Channel SANs, Chapter 10 discusses the security of NFS/CIFS NAS, and Chapter 11 discusses the methods to secure iSCSI SANs. These chapters concentrate on how to take existing storage devices and ensure that they secure themselves. Part Five of the book shifts focus from SAN and NAS security risks and attacks, to larger storage security issues, such as emerging security technologies, regulations, and case studies. These three chapters discuss security from the adherence perspective, both from the governmental aspect as well as from best practices. Chapter 12 discusses some of the major governmental policies that affect storage architectures. Chapter 13 discusses how to audit your storage network based on the government compliances and security best practices. Finally, Chapter 14 is a discussion of real-world case studies in storage environments. Examples describe SAN and NAS architectures with the optimal amount of security and functionality. How This Book Is Written The book is written to address the topic of securing storage from a technology perspective. It does not discuss the proper paper policies and procedures that should be in place, nor does it describe the human processes of security as it pertains to storage. It also does not discuss storage security at a high level, but does specifically discuss how storage systems, networks, and protocols are affected by security. The key difference this book will offer is not to generically say storage has security problems and glaze over the details, but to start with the details first. The book discusses the security weaknesses, threats, exploits, and attacks of storage systems, networks, and technologies in Chapters 2 through 8. After the discussion is complete, the book discusses the mitigating solutions of each prior attack identified in Chapters 9 through 14. The reason for a deep discussion of the attacks is because it is very difficult to discuss solutions only without any context of the problem. Although some vendors will not appreciate the fact that this book exposes problems, it is not written to embarrass any vendor or to prevent end-users from adopting storage devices, but instead to show organizations why certain security mitigations and solutions need to be in place when deploying a storage network. For example, after a virus infects a user's machine, it is easier to discuss why anti-virus software and host hardening procedures are very important items. The same idea applies to storage. Organizations will understand why taking active steps to secure storage is important after reviewing the attacks in Fibre Channel, iSCSI, CIFS, and NFS. The book makes an attempt to classify the risk of each identified problem; however, the discussion is limited because risk is best measured when applied to specific scenarios and not generic examples. Many attacks shown in this book can be classified as low risk, but they are still discussed to expose the reader to the security problem. Conversely, many attacks shown in the book are also high risk and are shown to its full extent and detail. The book is not vendor specific, but rather protocol specific (Fibre Channel and iSCSI for SANs and NFS and CIFS for IP NAS). The book holds storage systems, networks, and protocols to the same standard of security as operating systems, wireless networks, and application security. Storage security strengths are discussed to show the reader the positive security aspects of storage; however, it also shows failed or poor security attempts in storage systems, networks, and protocols. The book does not give storage devices/networks any "breaks" since it is an emerging technology. Any system and/or network that controls a large portion of an organization's data must be held to the same high security standard expected from operating system vendors or even application product vendors. Finally, the book is written in the context of full disclosure. The goal is to allow each reader to receive enough information to read, perform, and analyze each security problem and each discussion about the mitigating solution. This model should allow the reader to make risk acceptability decisions based on their own storage environment. (c) Copyright Pearson Education. All rights reserved. Excerpted from Securing Storage: A Practical Guide to SAN and NAS Security by Himanshu Dwivedi All rights reserved by the original copyright owners. Excerpts are provided for display purposes only and may not be reproduced, reprinted or distributed without the written permission of the publisher.