Sidebar: New Security Standards May Solve Storage Gaps
Computerworld
Standards bodies such as the International Committee for Information Technology Standards (INCITS) and the Internet Engineering Task Force (IETF) are working on Fibre Channel security standards and on extending existing Internet protocols for moving block-level and file data over Ethernet networks. Both efforts are crucial to securing data as companies continue to push disaster recovery sites farther away from primary data centers.
The INCITS T11.3 committee is working on a draft of the Fibre Channel Security Protocol that it expects to release by the end of 2003. The protocol will address authentication at the management interface level between devices on a storage-area network (SAN), most likely using a public-key-infrastructure-based digital certificate.
The committee is also working on a frame-by-frame authentication method similar to packet-to-packet authentication in the IPsec protocol. The goal is to enhance the Fibre Channel frame with the definition of a new optional header that would contain something analogous to IPsec's Encapsulating Security Payload (ESP) protocol. ESP would allow SANs to support authentication, confidentiality and data integrity protection.
"Basically, the storage server won't accept frames unless they have proper security authorization," says Craig Carlson, chairman of the T11.3 committee and a systems architect at QLogic Corp. in Aliso Viejo, Calif.
For example, frame authentication will ensure an unauthorized user won't be able to manufacture a fake frame to tell the management application to take down a switch port or open access to a disk on an array, Carlson says.
Also, the IETF's IPsec Working Group is studying how to extend the Internet key exchange for network-address translators and firewalls. The group has produced a draft defining security requirements for Fibre Channel over IP standards, such as iSCSI, iFCP and FCIP.
But the standards bodies' work only addresses access, which leaves the door open to hackers, according to Michael Peterson, an analyst at Strategic Research Corp. in Carpinteria, Calif.
"There's all kinds of data still floating around," he says. "What do you do with old backup tapes, for instance?"