A layered security model, also known as defense in depth, is critical for security. In the defense-in-depth model, layers of security are built in conjunction with one another in a complementary fashion, so that no single control is relied upon alone. Many networks are instead built on the M&M model, that is, hard on the outside and soft on the inside. This model crumbles after a single penetration of the outer perimeter. A defense-in-depth model would not crumble if any one device were subverted, including the outer perimeter, because additional security layers stand behind each device.
An example of the defense-in-depth model in the storage network is an ACL on a storage node, such as an EMC or Network Appliance NAS head, that restricts or permits access according to client IP address or subnet. These ACLs complement the authentication and authorization procedures already required by the storage appliances and/or operating systems. With this model, if one or both of those security elements were subverted (for example, by stolen credentials), the attackers would still be denied access unless they were also sending the request from a permitted IP address. The reverse holds as well: the IP-based ACL is itself only one layer, since an attacker who has compromised a host inside the permitted subnet, or who can spoof a permitted source address, passes it, which is why the ACL complements rather than replaces authentication. Figure 25-1 illustrates the defense-in-depth model.
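The following Python model, added here as an illustration and not code from the book or from any vendor's NAS implementation, shows the three layers in the example evaluated in sequence: an exports-style IP/subnet ACL, authentication, and per-export authorization. The export paths, addresses, users, and passwords are all constructed for the demonstration. The `subverted` parameter simulates an attacker who has defeated one or more layers, so that the effect of the remaining layers can be seen directly.

```python
import hmac
import ipaddress

# Constructed export ACL in an /etc/exports-like syntax: "<path> <host-or-cidr>(<mode>) ...".
# Hypothetical volumes and addresses; first matching entry for a client decides.
EXPORTS_TEXT = """
# finance volume: read/write for one subnet, read-only for one backup host
/vol/finance 10.20.30.0/24(rw) 10.20.31.5(ro)
/vol/public  0.0.0.0/0(ro)
"""

# Toy credential store and per-export authorization table (hypothetical users).
# A real appliance would defer to its own directory service or Kerberos realm.
USERS = {"alice": "s3cret-pw", "bob": "hunter2"}
AUTHZ = {"/vol/finance": {"alice"}, "/vol/public": {"alice", "bob"}}


def parse_exports(text):
    """Parse exports-style lines into {path: [(ip_network, mode), ...]}."""
    acl = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        path, *entries = line.split()
        rules = []
        for entry in entries:
            host, _, mode = entry.partition("(")
            # a bare host such as 10.20.31.5 becomes a /32; missing mode defaults to ro
            rules.append((ipaddress.ip_network(host, strict=False), mode.rstrip(")") or "ro"))
        acl[path] = rules
    return acl


EXPORT_ACL = parse_exports(EXPORTS_TEXT)


def acl_permits(export, client_ip, op):
    """Layer 1: IP/subnet ACL on the NAS head. 'read' needs any match, 'write' needs rw."""
    addr = ipaddress.ip_address(client_ip)
    for net, mode in EXPORT_ACL.get(export, []):
        if addr in net:
            return op == "read" or mode == "rw"
    return False                                  # no matching entry: deny


def authenticate(user, password):
    """Layer 2: credential check (constant-time compare on the toy store)."""
    stored = USERS.get(user)
    return stored is not None and hmac.compare_digest(stored, password)


def authorize(export, user):
    """Layer 3: is this principal allowed on this export at all?"""
    return user in AUTHZ.get(export, set())


def access_decision(export, client_ip, op, user, password, subverted=frozenset()):
    """Evaluate every layer in order; all must pass. Layers named in `subverted`
    are treated as defeated (always allow) to show what the others still block.
    Returns (allowed, name_of_first_denying_layer_or_'ok')."""
    layers = (
        ("acl",   lambda: acl_permits(export, client_ip, op)),
        ("authn", lambda: authenticate(user, password)),
        ("authz", lambda: authorize(export, user)),
    )
    for name, check in layers:
        if name in subverted:
            continue
        if not check():
            return (False, name)
    return (True, "ok")


if __name__ == "__main__":
    # Legitimate admin from the permitted subnet
    print(access_decision("/vol/finance", "10.20.30.7", "write", "alice", "s3cret-pw"))
    # Stolen credentials used from outside the subnet: ACL still denies
    print(access_decision("/vol/finance", "192.0.2.9", "read", "alice", "s3cret-pw"))
    # Authentication and authorization both defeated: ACL alone still denies off-subnet access
    print(access_decision("/vol/finance", "192.0.2.9", "read", "mallory", "x",
                          subverted={"authn", "authz"}))
```

Run as a script, the three printed decisions are allow, deny-by-ACL, and deny-by-ACL. The ordering matters in practice too: putting the cheapest, network-level check first means an off-subnet attacker never reaches the credential path, which also reduces password-guessing exposure on the appliance.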
The defense-in-depth model allows organizations to protect their critical and sensitive storage data by eliminating any single point of failure in the security design. As shown in Figure 25-1, the model can be as simple as enabling the security features already present on operating systems, storage switches, NAS heads, and even back-end disk arrays. Additionally, security controls can be placed on host bus adapters (HBAs), network interface cards (NICs), client workstations, storage nodes, and storage applications. Because the storage industry has not yet produced a dedicated security device for storage networks, comparable to a firewall on an IP network, the security features of these other devices need to be enabled and explored to support a defense-in-depth architecture to the fullest extent.
A single layer of security does not adequately protect an organization's storage network, proprietary data, or intellectual property. In addition, an identified security weakness in one area, such as a storage application, can nullify strong security measures in other areas, such as a storage switch, because an attacker who passes the weak control may never encounter the strong one. A layered security model, in which security is enforced at key segments throughout the storage network rather than at only one or two segments, supports a strong storage security posture.