Brocade Communications Systems 8/40 Service Manual download pdf (Page 7)

BCSM IN A NUTSHELL 2008

Page 5 of 44

1 SECURITY

1.1 MANAGING SAN SECURITY

PROTECTING YOUR MANAGEMENT INTERFACES

A goal is to minimize threats by limiting access to the management interfaces. This can be achieved by:

• Employing IP network security best practices

• Disabling unused management interfaces like telnet, SNMP and HTTP

• Using secure protocols like SSL, SMNPv3 and SSHv2

BEST PRACTICES

Best-practice IT security strives to maintain five basic objectives that provide a foundation for protecting

against threats and attacks that can be executed against a storage environment:

• Availability

o Data must always be available to authorized users whenever it is needed

• Integrity

o In order to maintain its integrity, data must not be modified in any way

• Authentication

• Confidentiality

o Sensitive data such as personal information, intellectual property, and data pertaining to

national security must remain strictly confidential

• Non-repudiation of data

o Non-repudiation is the ability to ensure that a party to a contract or a communication cannot

deny the authenticity of their signature on a document or the sending of a message that they

originated. On the Internet, the digital signature is used not only to ensure that a message or

document has been electronically signed by the person that purported to sign the document,

but also, since a digital signature can only be created by one person, to ensure that a person

cannot later deny that they furnished the signature.

When implementing SAN-attached servers located in a DMZ, Brocade recommends the following to protect

the SAN from the Internet:

• Use a VLAN for the management network

• Create a separate zone for the devices in the DMZ

• Implement LUN masking at the disk storage controller

1 2 3 4 5 6 7 8 9 10 11 12 ... 45 46

No comments

Brocade Communications Systems 8/40 Service Manual Page 7