Securing Storage: A Practical Guide to SAN and NAS Security (Hardcover)

Himanshu Dwivedi

  • 出版商: Addison Wesley
  • 出版日期: 2005-11-21
  • 售價: $1,800
  • 貴賓價: 9.5$1,710
  • 語言: 英文
  • 頁數: 560
  • 裝訂: Hardcover
  • ISBN: 0321349954
  • ISBN-13: 9780321349958
  • 相關分類: 資訊安全
  • 立即出貨(限量) (庫存=1)




Systematically address your #1 enterprise security gap: storage


Securing Storage is an indispensable resource for every storage and security professional, and for anyone responsible for IT infrastructure, from architects and network designers to administrators.


You’ve invested heavily in securing your applications, operating systems, and network infrastructure. But you may have left one crucial set of systems unprotected: your SAN, NAS, and iSCSI storage systems. Securing Storage reveals why these systems aren’t nearly as secure as you think they are, and presents proven best practices for hardening them against more than 25 different attacks.


Securing storage is crucial to protecting intellectual property and trade secrets and complying with regulations ranging from Sarbanes-Oxley and HIPAA to Gramm-Leach-Bliley and SEC Rule 17a4. This book offers a complete blueprint for protecting all your storage systems–and all the data stored on them.


Most enterprises have failed to adequately address one crucial component of IT security: storage. The storage industry has largely failed to deliver secure solutions, and many IT professionals simply assume that security can be handled elsewhere. The result is a gaping security hole: it’s now far easier for internal attackers to compromise storage devices than to attack applications or operating systems. Now, for the first time, one of the world’s top storage security experts systematically reveals the weaknesses in SAN and NAS security–and offers robust, practical solutions.


Drawing on years of leading-edge research, renowned storage architect and security researcher Himanshu Dwivedi explains why SAN and NAS systems have become an open target for unauthorized access and data compromise–and why “security by obscurity” strategies will fail to protect storage, just as they’ve failed elsewhere. Dwivedi offers expert, step-by-step guidance for evaluating your own storage environment, designing security into it, implementing storage security best practices, and optimizing the security settings on any shared storage device. He also presents a full chapter of real-world case studies.

Coverage includes


•    Recognizing vulnerabilities that arise from inadequate perimeter security

•    Understanding where attacks on storage devices typically originate

•    Testing storage network security and audit compliance

•    Protecting against SAN attacks: WWN spoofing, name server pollution, session hijacking, zoning hopping, e-port and f-port

      replication, LUN  mask subversion, and more

•    Protecting NAS systems against attacks on Windows CIFS and Unix/Linux NFS protocols

•    Defending against iSCSI attacks, from iQN spoofing to CHAP message reflection and offline password brute forcing

•    Securing individual Fibre Channel and iSCSI SANs, NAS devices, and more

Table of Contents



About the Author.

 1. Introduction to Storage Security.


 2. SANs: Fibre Channel Security.

 3. SANs: LUN Masking and HBA.

 4. SANs: Zone and Switch Security.


 5. NAS Security.

 6. NAS: CIFS Security.

 7. NAS: NFS Security.


 8. SANs: iSCSI Security.


 9.Securing Fibre Channel SANs.

10. Securing NAS.

11. Securing iSCSI.

V. SAN/NAS Policies, Trends, and Case Studies.

12. Compliance, Regulations, and Storage.

13. Auditing and Securing Storage Devices.

14. Storage Security Case Studies.






保護儲存系統對於保護知識產權和商業機密以及遵守從Sarbanes-Oxley和HIPAA到Gramm-Leach-Bliley和SEC Rule 17a4的各種法規至關重要。本書提供了保護所有儲存系統和其中存儲的所有數據的完整藍圖。


借助多年的尖端研究,著名的儲存架構師和安全研究人員Himanshu Dwivedi解釋了為什麼SAN和NAS系統已成為未經授權訪問和數據破壞的開放目標,以及為什麼“安全性通過模糊性”策略將無法保護儲存,就像在其他地方一樣失敗。Dwivedi提供了評估自己儲存環境、設計安全性、實施儲存安全最佳實踐和優化任何共享儲存設備的安全設置的專家級、逐步指導。他還提供了一整章的實際案例研究。


- 識別由於不足的邊界安全性而產生的漏洞
- 了解對儲存設備的攻擊通常從何處發起
- 測試儲存網絡安全性和審計合規性
- 防範SAN攻擊:WWN欺騙、名稱服務器污染、會話劫持、區域跳躍、e端口和f端口複製、LUN遮罩破壞等等