CCS367- Storage Technologies

Unit V
Securing the Storage Infrastructure

Dr. A. Muthumari
Assistant Professor/CSE
Anna University Regional Campus Madurai

© 2007 EMC Corporation. All rights reserved.

 Securing the Storage Infrastructure

Module 6.1

© 2007 EMC Corporation. All rights reserved.

Module Objectives
Upon completion of this module, you will be able to:
 Define storage security
 List the critical security attributes for information systems
 Describe the elements of a shared storage model and
security extensions
 Define storage security domains
 List and analyze the common threats in each domain

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 3
Lesson 1: Defining Storage Security
Upon completion of this lesson, you will be able to:
 Define storage security
 Describe the three primary elements protected by
information-centric security
 Name the three primary security attributes of a given
entity
 Describe how and why security services are used to
protect information

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 4
What is Storage Security
 The convergence of information
security, data storage, and
computer networking Security

– The application of information

security principles and practices to
data storage technologies
➢ Primary focus is on securing access
to data
➢ Most principles will apply regardless
of transport technology (TCP/IP,
Fibre Channel, etc.)

 The implementation of security Networking Storage

controls to mitigate the risk of
vulnerabilities in the storage
network

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 5
Information Security – What is it?

Information Security
Protecting information and information
systems from unauthorized access, use,
disclosure, disruption, modification, or
destruction to provide:

Confidentiality Integrity Availability

Preventing unauthorized Guarding against improper Ensuring timely and
access to or disclosure of information modification or reliable access to
proprietary or private destruction, ensuring and use of information
information information authenticity
and non-repudiation

Source: The US Federal Information Security Management Act (FISMA)

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 6
Protecting People, Transactions, and Data
Information-Centric Security
Approaching Information Security as an Information Management
Problem

Understand Business Risk to Establish Policy and Priority

WAN

LAN Transactions
SAN
Enforce Policy in People, Transactions, Infrastructure, and Data

People Infrastructure Data

Audit Environment to Assure Policy Compliance

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 7
Security Attributes

Availability Confidentiality
Utility Possession
Accountability
Assurance

Integrity
Authenticity

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 8
Thinking about Security Threats

Threats Assets

Risk

Vulnerabilities

The Risk Triad

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 9
Controls
 We implement countermeasures  Controls provide different
(aka safeguards, or controls) in functions
order to lessen the impact of a – Preventive
vulnerability – Corrective
 Controls are technical or non- – Detective
technical
– Technical Preventive + Detective → Corrective
➢ implemented in computer hardware,
software,
or firmware
– Non-technical
➢ Administrative (policies, standards)
➢ Physical (guards, gates)

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 10
Security Services
 We build controls using security services.
– Access Control
– Confidentiality
– Availability
➢ Timely and reliable access to data and information services
❖ Loss of availability == denial of service (DoS)
– Nonrepudiation
➢ Proof of participation (sender or receiver)
– Integrity
➢ Guarding against improper modification or destruction of data
❖ Also assures non-repudiation and authenticity

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 11
Access Control
 Access control components:
➢ Identification:
❖ Recognition of an entity (user, process, role)
➢ Authentication
❖ Identification with some level of assurance (verification)
➢ Authorization
❖ Determine the access right of an entity
➢ Enforcement
❖ Actually enforces the access control decision

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 12
Confidentiality
 Confidentiality
➢ Data Protection
❖ Act directly on the data (encryption)
➢ Data Separation
❖ prevent data from reaching an unauthorized location
➢ Traffic flow protection
❖ Hide source, destination, frequency, quantity, etc. of communication

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 13
Lesson Summary
Key points covered in this lesson:
 Information security starts with people, data, and
transactions
– Actors, actions, and assets

 Our primary security concerns are the confidentiality,

availability, and integrity of our information and systems
 We implement controls to address our vulnerabilities
 Access control and confidentiality are our two most
important controls

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 14
Lesson 2. Developing a Storage Security Model
Upon completion of this lesson, you will be able to:
 List the components of the SNIA shared storage model
 Explain how to utilize the @Stake storage security model
to analyze a storage implementation

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 15
The SNIA Shared Storage Model:
Overview

Application
File/record layer
Storage domain

Database File system

(dbms) (FS)

Services
Host

Network
Block
aggregation Device

Storage devices (disks, …)

Block layer
Source: SNIA Technical Council, Shared Storage Model, SNIA, April 2003, p.10
© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 16
The SNIA Shared Storage Model:
Access Path

Application
File/record layer
Storage domain

Database File system

(dbms) (FS)

Services
Host

Network
Block
aggregation Device

Storage devices (disks, …)

Block layer
Source: SNIA Technical Council, Shared Storage Model, SNIA, April 2003, p.10
© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 17
Restricting Access Paths
 Existence of an access path doesn’t imply permission to
use it!
 We can enforce access in several places:
– The server (host)
– In the storage network (SAN, iSCSI, FCIP)
– At the storage devices

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 18
The @stake Security Storage Model

Application

File/record layer
Database File system

Management
(dbms) (FS)

Transport
Host

Network
Block
aggregation Device

Block layer

Storage devices (disks, …)

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 19
Layers of Security and the Shared Storage Model

Application Authentication
File/record layer
Authorization
Database File system
(dbms) (FS)
Auditing

Host Integrity
Network
Block
aggregation Device

Block layer Encryption

Storage devices (disks, …) Availability

Source: Himanshu, D., Hubbard, A., Securing Storage Networks, @stake Inc., April, 2003, p. 26
© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 20
Vulnerability Management
 Vulnerabilities can occur anywhere in the chain
– An attacker can bypass controls implemented at a single point in the
chain
– Requires “defense in depth”

 Failure anywhere in the chain can jeopardize the security

of our information assets
– Loss of authentication may jeopardize confidentiality; loss of a device
jeopardizes availability

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 21
Understanding Vulnerabilities
 Attack surface: the available interfaces supported by a
component (software, hardware)
➢ E.g., Application server (network backup) allows unauthenticated
logins.

 Attack vectors: the chain of vulnerabilities exploited to

achieve a loss of security.
➢ E.g., Using a management interface to modify a storage device to
snoop the transport layer

 Work factor: the amount of effort required to exploit an

attack vector.
➢ E.g., Why attack the database when I can attack the storage array
instead?

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 22
Lesson Summary
Key points covered in this lesson
 The shared storage model includes the file/record layer,
the block layer, and the storage device layer, as well as
the interconnect and services layers.
 The @stake storage security model explicitly adds
storage applications and storage management layers as
attack points
 Identifying security elements at each layer help us identify
attack surfaces and track attack vectors that involve
multiple layers.

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 23
Lesson 3. Securing Data Storage
Upon completion of this lesson, you will be able to:
 Describe three security domains for storage networking
 List the various threats in each domain
 Describe the controls that can be applied to mitigate
these threats
 List various examples of these controls

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 24
Storage Security Domains

Management
Access

Backup,
Recovery & Archive
Application STORAGE
Access NETWORK Secondary
Storage

Data Storage

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 25
NIST Risk Assessment Methodology
1.System Characterization

2. Threat Identification
3. Vulnerability Identification Given that an attacker and a
vulnerability exist, then
4. Control analysis Risk = ƒ(likelihood * Impact)

5.Likelihood determination

6.Impact Analysis

7.Risk determination
8.Control Recommendations
9.Results Documentation
© 2007 EMC Corporation. All rights reserved.
Special Publication 800-30: Risk Management
Guide for Information Technology Systems, NIST,
2002
Securing the Storage Infrastructure - 26
Security Elements for Each Domain
 Existing Threats
 Available Controls
 Existing Solutions

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 27
Securing Application Access

Management
Access

Backup,
Recovery & Archive
Application STORAGE
Access NETWORK Secondary
Storage

Data Storage

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 28
Threats Against Application Access to Data

 Spoofing host Array

/ user identity

Host

Volumes
IP STORAGE
NETWORK Host NETWORK
Array

Host

 Spoofing identity
 Elevation of  Spoofing identity Volumes
privilege  Tampering with data
 Network snooping  Media
Host
 Denial of service theft
© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 29
Critical Functionality for Securing Application
Access

 Controlling User Access to data

 Controlling Host Access to data
 Protecting Storage Infrastructure
 Protecting Data at Rest

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 30
Controlling User Access to Data

✓ Spoofing User Identity (Integrity, Confidentiality)

Threats ✓ Elevation of User privilege (Integrity,
Addressed Confidentiality)

✓ User Authentication (Technical)

Available
Controls ✓ User Authorization (Technical, Administrative)

✓ Strong authentication
✓ NAS: Access Control Lists
Examples
✓ Information Rights Management

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 31
Controlling Host Access to Data

✓ Spoofing Host Identity (Integrity, Confidentiality)

Threats
✓ Elevation of Host privilege (Integrity,
Addressed
Confidentiality)

✓ Host and storage authentication (Technical)

Available ✓ Access control to storage objects (Technical,
Controls Administrative)
✓ Storage Access Monitoring (Technical)
✓ iSCSI Storage: Authentication with DH-CHAP
✓ SAN Switches: Zoning to segment the storage network
Examples ✓ Array: LUN Masking to prevent ability to view
unauthorized storage volumes
✓ Security Information Management

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 32
Protecting Storage Infrastructure

✓ Tampering with data in flight (Integrity)

Threats
Addressed ✓ Denial of service (Availability)
✓ Network snooping (Confidentiality)

Available ✓ Infrastructure integrity (Technical)

Controls ✓ Storage network encryption (Technical)

✓ SAN Switches: Fabric Integrity capabilities

✓ IP Storage: IPSec
Examples ✓ Fibre Channel: FC-SP (Fibre Channel Security Protocol)
✓ Host Security Best Practices
✓ Controlling physical access to Data Center

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 33
Protecting Data at Rest

✓ Tampering with data at rest (Integrity)

Threats
Addressed ✓ Media theft (Availability, Confidentiality)

✓ Encryption of data at rest (Technical)

Available ✓ Data integrity (Technical)
Controls
✓ Data erasure (Technical)

✓ Storage Encryption Service

✓ NAS: Antivirus and File extension control
Examples
✓ CAS: Content Address (MD5 or SHA-256 Hash)
✓ Data Erasure Services
© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 34
Data Security Domains

Management
Access

Backup,
Recovery & Archive
Application STORAGE
Access NETWORK Secondary
Storage

Data Storage

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 35
Threats Against Management Access to Data

 Spoofing host identity

 Spoofing user identity
 Tampering with data
 Elevation of user privilege
 Network snooping
Console
Resource  Denial of service
Management Host
Platform Host
Host
 Spoofing host
or user identity

Console Host Console

IP Host or CLI
or CLI NETWORK
Agent Agent

Host Array Array

Host Switch
Host

Storage Infrastructure
© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 36
Critical Functionality for Securing Management
Access

 Controlling Administrator Access

 Protecting Management Infrastructure

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 37
Controlling Administrator Access

✓ Spoofing User / Administrator identity (Integrity)

Threats
✓ Elevation of User / Administrator privilege
Addressed
(Integrity)

✓ User Authentication (Technical)

Available
✓ User Authorization (Administrative, Technical)
Controls
✓ Audit (Administrative, Technical)

✓ Authentication: Two factor authentication,

Certificate Management
Examples
✓ Authorization: Role Based Access Control (RBAC)
✓ Security Information Event Management
© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 38
Protecting Management Infrastructure

✓ Tampering with data (Integrity)

Threats
✓ Denial of service (Availability)
Addressed
✓ Network snooping (Confidentiality)
✓ Mgmt Network Encryption (Technical)
Available ✓ Mgmt Access Control (Technical, Administrative)
Controls
✓ IP Network Security Best Practices (Technical,
Physical)
✓ CLI or Consoles: SSH or SSL over HTTP
✓ Encrypted links between arrays and hosts
Examples ✓ Host Access Control
✓ Private Management Network
✓ Disable unnecessary network services
© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 39
Securing Backup, Replication and Archive (BURA)

Management
Access

Backup,
Recovery & Archive
Application STORAGE
Access NETWORK Secondary
Storage

Data Storage

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 40
Threats Against Backup, Recovery, and Archive

Host  Spoofing DR site identity

 Tampering with data
 Network snooping
 Denial of service
Array
Disk
DR Secondary DR
NETWORK storage Site
Tape

 Media theft
© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 41
Protecting Secondary Storage and Replication
Infrastructure

✓ Spoofing DR site identity (Integrity, Confidentiality)

Threats ✓ Tampering with data (Integrity)
Addressed
✓ Network snooping (Integrity, Confidentiality)
✓ Denial of service (Availability)

✓ Primary to Secondary Storage Access Control

Available (Technical)
Controls ✓ Backup encryption (Technical)
✓ Replication network encryption (Technical)

✓ External storage encryption services

Examples ✓ Built in encryption at the software level
✓ Secure replication channels (SSL, IPSec)
© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 42
Lesson Summary
Key points covered in this lesson
 Three storage security domains:
– Host/User access to storage
– Management access
– Backup, Recovery, and Archive (BURA)

 Threats include spoofing user and host identity, tampering

with data, network snooping and denial of service
 Access control and encryption are our primary controls
within each domain

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 43
✓ Check Your Knowledge
 What are the three entities that information-centric
security protects?
 What are the three primary security attributes?
 What are the primary elements of the shared storage
model?
 What are the security elements that any system must
have?
 What are the three data security domains?
 What are the two primary security service for protecting
information within a storage network?

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 44
Module Summary
Key points covered in this module:
 Storage security combines storage technologies,
networking, and information security.
– Protect the confidentiality, availability, and integrity of the storage
network components and the information that they transmit or store

 Our storage security model analyzes security attributes

across multiple layers
– transmission, management, file/record level access, block
aggregation, and the devices themselves.

 Access control and encryption are our primary controls

within our key security domains
– Host/User access to storage, Management access, and Backup,
Recovery, and Archive (BURA)

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 45
✓ Apply Your Knowledge
Upon completion of this topic, you will be able to:
 List a selection of EMC’s products and services in
Information Security
 Describe the Assess-Secure-Assure Cycle
 Identify some key EMC products for authentication
 Identify some key EMC products for data protection

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 46
EMC Information Security Services

Assess Risk
• Assessment Service for Storage Security Secure Data
▪ Classification for Information Security ▪ Design and Implementation
for Storage Encryption
▪ EMC Certified Data Erasure
▪ EMC Disk Retention
Secure Identities, Access & ▪ SAN Security
Infrastructure
▪ Authentication Strategy
▪ Identity and Access Management Strategy
▪ Secure Remote Support Gateway
▪ Symmetrix Secure Credentials &
Assure Compliance
Tamperproof Audit Log ▪ Compliance Assessment
▪ Design and Implementation for Security
Information Management

Plan Build Manage Support

Ongoing Project Management—Available Educational Services

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 47
Identity and Access Management

Market-leading OTP Backend Infrastructure

Tokens, USBs, on  Administrative tools &
PDAs, on cell workflow
phones  Data repository integration
 Scalable, reliable real-time
Digital certificate & smart performance
chip-based solutions Trusted Identity

Leverage: Identity Empowerment

Web SSO and Enterprise SSO Cross-Domain SSO

Access Management (Federation)

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 48
Securing Identities and Access: Example
 Secure Remote Support
Gateway enables authentication Secure Identities, Access &
for managed devices Infrastructure
– RSA SecurID authenticates CE
login to EMC remote support ▪ Secure Remote Support Gateway
infrastructure ▪ Symmetrix Secure Credentials
– X.509 certificates provide
authenticated access to the
gateway device via SSL

 Symmetrix Secure Credentials utilizes RSA cryptographic technologies to

implement short-lived credentials that support role-based authentication
and access control on the managed device.

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 49
Data Security Vulnerabilities

Primary Data Center Data in Transit Remote Location

2 SRDF or
SAN
SAN MirrorView SAN

1
traffic

Tape
library Tape
library
Primary Physical
3 Offsite tape storage Backup
media
data data

Data in transit is a good candidate for encryption:

1. Tape archives moving by truck to an offsite storage facility
2. Replication data traveling over a network link
3. Handling of data on Fibre Channel disk arrays

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 50
Using Encryption to Secure Your Tape Archives

Primary Data Center Remote Location

NeoScale NeoScale
SAN CryptoStor CryptoStor SAN
Tape Appliance Data in Transit Tape Appliance

Tape Offsite tape storage Tape

Primary data library library Backup data

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 51
Using Encryption to Secure Data During
Replication

Primary Data Center Data in Transit Remote Location

Router Router
SRDF or
SAN MirrorView SAN
traffic
CipherOptics CipherOptics
IPSec VPN IPSec VPN
Appliance Appliance

Primary data Backup data

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 52
Using Encryption to Secure Data on Physical
Media

Data Center
SAN

Sensitive data
NeoScale Encrypted data destined for
CryptoStor Fibre repair operations, data
Channel Disk migrations, or disposal
Protection
Appliance

© 2007 EMC Corporation. All rights reserved. Securing the Storage Infrastructure - 53