< Day Day Up > |
It isn't worth talking about security if there is no risk. Risk is a measure of the negative economic results associated with vulnerability and threat. Without a negative outcome, risk does not exist. Practically any vulnerability can be used to do damage, of course, so risk goes hand in hand with vulnerability. Risk is also a function of threat. Even if vulnerabilities exist, there must be someone willing to exploit them. In some cases, vulnerability exists, yet no one has the skills to carry out an attack based on it. This means that there is theoretical but not practical risk. This is important when making security decisions. Security is much like insurance. The cost and likelihood of the negative outcome must be weighed against the cost of security. Outcomes of Storage Security BreachesAssuming that an intruder can breach a storage system's security, several outcomes can be predicted. Ultimately, an intruder has a goal in mind when choosing to launch a security attack. Knowing ahead of time what those goals are allows IT professionals to anticipate the attack and prevent it. The first thing that an attacker may do is nothing. Many breaches of system security are carried out by self-styled "hackers" who do what they do for bragging rights or to feel smart and important. These types of attackers are likely to look around yet leave things alone. The next possible outcome is that an intruder will simply look around for interesting things he can use or steal. For some intruders, it will be information they are personally interested in; others are looking for information that has clear market value, such as defense information, product plans, and credit card numbers. Tip Encryption thwarts attackers. Few so-called hackers have the wherewithal or equipment to decrypt strongly encrypted data. If they can get this data and there is nothing for them to see, they will move on to greener pastures eventually. They may also spend a lot of time looking for unencrypted data. This gives the security response team time to analyze the attack, stop it, and safeguard against future attacks. A third outcome is that data is made unavailable for some time, with the purpose of hurting the organization that the intruder is launching the attack against. Denial of service (DoS) attacks are often in this category. They may take down a company's web site for a time or remove a database from service. Sometimes, DoS attacks are precursors to other attacks, sort of a softening-up process. Finally, the most malicious intruders will attempt to destroy or alter data. They attempt to disrupt an organization's operations by denying it key information. Even subtle changes in data can have far-ranging effects on an organization. Tip Solid access control and authentication are the key to preventing these types of attacks. Commonly part of host security, they also must be instituted on management interfaces and storage devices where possible. Connectivity as a Risk MultiplierWhen the Internet was young, risks associated with it were relatively low. At the time, there were a limited number of computers (in the beginning, only four mainframes) tied together over dial-up lines that communicated most of their information via UUCP. It was easy to secure only four machines and a handful of modems. Access to the network was very limited, and the number of assets involved was low. As the Internet grew, both in size and complexity, security problems became more prevalent, and the risk involved in using the network became higher. There were more devices of different types with many more access points. Attackers had access to thousands and then millions of computers, not just four. Networking storage has had a similar effect on storage security risks. Even if the likelihood of a successful attack against a SAN is small, if a malicious attacker does get through defenses, she now has a greater number of devices to wreak havoc on at her disposal. Because risk is based on outcome, a successful intrusion into a SAN could be much more devastating than an intrusion into an equal number of DAS devices. With a SAN, if one server is compromised, the attacker potentially has access to many storage devices. Even if there were no special risks associated with SANs, the risk multiplier of a SAN still needs to be a factor in security planning. Vendor Lock-InAs Fibre Channel SANs evolved, it was clear that the incompatibility issues would persist for some time. Some argued that this was done intentionally by vendors who wanted to gain an advantage in the marketplace. Others would point to the loose standards that are indigenous to the data storage industry. Yet others claimed that it was a matter of evolution, and that all technology often starts in a proprietary form and eventually become more standardized. Whether the reason is loose standards, competitive practices, or normal technology progression, it still stands that much of the Fibre Channel products that are available to IT professionals do not work properly in a multivendor environment. This has led to a rise in single-vendor solutions. A primary storage equipment provider builds entire solutions, either as standard configurations or a custom installation, for a customer using components that have previously been tested by the vendor and certified as interoperable. This has become one of the most popular ways to purchase SAN equipment. It has taken from the system architect the burden of making disparate components work together in a unified architecture. The monoculture inherent in single-vendor solutions means that all devices may be susceptible to a single set of flaws in the devices that make up the solution. An error in a controller's microcode or web interface that generates a security risk will be amplified by the ubiquity of that code in a single-vendor solution. Diversity in infrastructure is important to mitigate risk within an environment. This becomes more worrisome as vendor consolidation creates less choice of vendors. If the vendor of choice is unable to produce security features in a timely manner, vulnerabilities will exist in a vast majority of the systems within the storage infrastructure. Single-vendor solutions contain a risk multiplier owing to the ubiquity of the same type of device and the increased reliance on a limited set of underlying platforms.
|
< Day Day Up > |