Securing Storage: A Practical Guide to SAN and NAS Security 1st Edition

4 out of 5 stars 5 customer reviews
ISBN-13: 978-0321349958
ISBN-10: 0321349954
Editorial Reviews

From the Back Cover

Systematically address your #1 enterprise security gap: storage


Securing Storage is an indispensable resource for every storage and security professional, and for anyone responsible for IT infrastructure, from architects and network designers to administrators.


You’ve invested heavily in securing your applications, operating systems, and network infrastructure. But you may have left one crucial set of systems unprotected: your SAN, NAS, and iSCSI storage systems. Securing Storage reveals why these systems aren’t nearly as secure as you think they are, and presents proven best practices for hardening them against more than 25 different attacks.


Securing storage is crucial to protecting intellectual property and trade secrets and complying with regulations ranging from Sarbanes-Oxley and HIPAA to Gramm-Leach-Bliley and SEC Rule 17a4. This book offers a complete blueprint for protecting all your storage systems–and all the data stored on them.


Most enterprises have failed to adequately address one crucial component of IT security: storage. The storage industry has largely failed to deliver secure solutions, and many IT professionals simply assume that security can be handled elsewhere. The result is a gaping security hole: it’s now far easier for internal attackers to compromise storage devices than to attack applications or operating systems. Now, for the first time, one of the world’s top storage security experts systematically reveals the weaknesses in SAN and NAS security–and offers robust, practical solutions.


Drawing on years of leading-edge research, renowned storage architect and security researcher Himanshu Dwivedi explains why SAN and NAS systems have become an open target for unauthorized access and data compromise–and why “security by obscurity” strategies will fail to protect storage, just as they’ve failed elsewhere. Dwivedi offers expert, step-by-step guidance for evaluating your own storage environment, designing security into it, implementing storage security best practices, and optimizing the security settings on any shared storage device. He also presents a full chapter of real-world case studies.

Coverage includes


•    Recognizing vulnerabilities that arise from inadequate perimeter security

•    Understanding where attacks on storage devices typically originate

•    Testing storage network security and audit compliance

•    Protecting against SAN attacks: WWN spoofing, name server pollution, session hijacking, zoning hopping, e-port and f-port replication, LUN mask subversion, and more

•    Protecting NAS systems against attacks on Windows CIFS and Unix/Linux NFS protocols

•    Defending against iSCSI attacks, from iQN spoofing to CHAP message reflection and offline password brute forcing

•    Securing individual Fibre Channel and iSCSI SANs, NAS devices, and more

About the Author

Himanshu Dwivedi is a founding partner of iSEC Partners, a digital security services and products organization. Before forming iSEC Partners (http://www.isecpartners.com), Himanshu was the Technical Director for @stake's San Francisco security practice, a leader in application and network security. His professional experience includes application programming, infrastructure security, and secure product design with an emphasis on storage risk assessment.

Himanshu is considered to be an industry expert in storage security. He has been published in major journals, magazines, and news articles regarding his storage security research. Himanshu has been invited to speak at several security and storage conferences in the United States and in Asia, such as Black Hat and Storage Networking World. Although specializing in SAN and NAS security, Himanshu's research includes storage technologies such as Fibre Channel, iSCSI, NFS, and CIFS as well as storage devices such as Fibre Channel switches, host bus adapters, storage controllers, iSCSI initiators, NAS filers, iSNS servers, NAS gateways, and encryption appliances. Himanshu has also written several tools for storage security assessment, including the iSCSI CHAP Password Tester and the Storage Port Scanner.

Himanshu currently has a patent pending on a storage design architecture that he co-developed with other professionals (U.S. Patent Serial No. 10/198,728). The patent is a security design for Fibre Channel storage networks. Himanshu has also published two other books, including Storage Networks: The Complete Reference, the "Security Considerations" chapter (McGraw-Hill/Osborne), and Implementing SSH: Strategies for Optimizing the Secure Shell (Wiley Publishing). Furthermore, Himanshu has also published two security white papers, including "Securing Intellectual Property" (http://www.vsi.org/resources/specs/ippwp310.pdf) and "Storage Security" (http://www.atstake.com/research/reports/acrobat/atstake_storage_networks.pdf).

© Copyright Pearson Education. All rights reserved.


Product Details

  • Hardcover: 560 pages
  • Publisher: Addison-Wesley Professional; 1 edition (November 21, 2005)
  • Language: English
  • ISBN-10: 0321349954
  • ISBN-13: 978-0321349958
  • Product Dimensions: 7.2 x 1.4 x 9.6 inches
  • Shipping Weight: 2.2 pounds
  • Average Customer Review: 4.0 out of 5 stars  See all reviews (5 customer reviews)
  • Amazon Best Sellers Rank: #2,149,062 in Books (See Top 100 in Books)


Customer Reviews

Top Customer Reviews

Format: Hardcover
The theme of this book is that Storage Area Networks and Network Attached Storage have been hitherto neglected with respect to securing their contents against unauthorised use. Dwivedi remarks that most sysadmins focus on maintaining and securing a corporate firewall. Along with regularly patching users' machines plus web servers. A common attitude is that SAN and NAS devices are at the very heart of the corporate network, and often cannot be directly accessed from outside the firewall.

Dwivedi spends the bulk of his book debunking this idea. For one thing, he points out that a SAN or NAS box is a computer that has to run an operating system. Usually Linux, Unix or Microsoft. A vendor is very unlikely to write a custom operating system from scratch. Too expensive and takes too long to devise. So even if nothing else, you as a sysadmin should regularly patch those boxes if you can, when known bugs are found in their operating systems. These boxes should be no more exempt from patching than your other machines, even those behind the firewall.

Another cause of concern is the sheer mass of data on a SAN or NAS box. Nowadays, likely to be many gigabytes. These are high value targets for an attacker. Whereas a typical user's desktop would have much smaller data sets.

Plus, even with a firewall, there is always the possibility of an employee being an attacker. If she has a machine inside the firewall, then this already gives her a good start. Of course, you might reply that you "lock down" your users' machines, so that they cannot get root access, for example. But the attacker with a Microsoft machine could boot off a Knoppix CD, for example, and go into a Linux that sits only in memory, and for which she has root.
Format: Hardcover
Dwivedi does an excellent job of covering a little-thought-about area of networking that is growing rapidly.

The layout of the book is well thought out and takes the reader through a step-by-step process of how networked storage is hacked. This is not a book that you would want to read once and expect to have all the answers. Dwivedi has written this book with both the reader and that concept in mind. It contains a vast amount of knowledge about network storage security. There is so much information that memorizing this book would be impossible.

Dwivedi provides the reader with numerous assessment exercises making it easier to understand the large amount of information and techniques presented. It is thoroughly indexed and arranged in a way that allows anyone to access an attack method and reference that process including the downloads with which to attack any chosen vulnerability.

The introduction section of this book gives anyone with little or no network storage knowledge a very concise understanding of risk management, security basics and attack scenarios. It is finalized with a handy question and answer section that helps tie it all together.

Dwivedi covers processes, types of storage and the designs most commonly used in storage networks in great detail. He covers SAN, NAS and iSCSI Security and the ways in which to attack each successfully. Every conceivable attack on network storage and how they are done, including many links to scripts are included for the reader. They show the reader general storage network knowledge and how to audit their own systems for security weaknesses. It gives the reader a very broad overview of the subject with detailed specifics, which helps to understand the technical basis of attacks and how to deter those attacks.
Format: Hardcover
This book is written in very human-friendly language, you can read this book very easily like a magazine. The author divided this book into three parts, and those are NAS security, SAN security and iSCSI security. As the author said in the beginning of this book, this book is only an introduction to storage security, and the author does only that.

When it comes to negative points, the major problem with this book is that the author tells the story again and again. If he explained one point, he will repeat the same thing again and again later. So, out of the 400 pages the book has, at the end of the day, you are getting only 100 pages' worth of knowledge.

One more major issue with this book is that the author didn't give sufficient information about the actual storage security protocols like FCSP and others.

Don't expect too much from this book, this book is a very simple and introduction-level book to storage security.
Format: Hardcover Verified Purchase
So far the content is good, but the editing is so bad that it leaves the book almost unreadable. I understand there may be a language issue, but give me a break, I am paying $40.00 for a hard cover, professional book, written in English and published by a well known and respected publisher. I believe I should be able to reasonably expect that the grammar is correct and blatant typos are removed - this book looks more like a draft than a final copy. Some sentences are so bad they make no sense, which makes reading the book challenging since you have to skim over the nonsense to extract the useful information.

I gave it a 3 for the content, I would give it a 1 for readability and quality. I will be asking Addison Wesley for my money back on this one.