Securing Storage: A Practical Guide to SAN and NAS Security [Hardcover]

Himanshu Dwivedi
4.0 out of 5 stars (5 customer reviews)



Formats

Amazon Price New from Used from
Hardcover --  
Paperback $52.95  

Book Description

Publication Date: November 21, 2005 | ISBN-10: 0321349954 | ISBN-13: 978-0321349958 | Edition: 1
The security of data, as shown by several recent high-profile cases, is weak. It is but a question of time before courts begin requiring more thorough steps to be taken--users and courts want data security. This book not only helps IT meet those growing needs, but shows the vendors where they need to improve. Regulations have highlighted an overlying issue of data protection. Data, whether it is financial data, non-public private information, or medical data, needs to be protected from unauthorized external and internal entities at all times. Much valuable data (i.e. customer and patient data) spends most of its lifetime in a storage device--not on computers, servers, or networks. Local failures and outside intruders can change, destroy, or compromise stored data even if the main network is secure: storage requires its own security. This book is a must read for IT personnel responsible for data security and security consultants who perform compliance audits at companies that use storage devices.

Editorial Reviews

From the Back Cover

Systematically address your #1 enterprise security gap: storage

 

Securing Storage is an indispensable resource for every storage and security professional, and for anyone responsible for IT infrastructure, from architects and network designers to administrators.

 

You’ve invested heavily in securing your applications, operating systems, and network infrastructure. But you may have left one crucial set of systems unprotected: your SAN, NAS, and iSCSI storage systems. Securing Storage reveals why these systems aren’t nearly as secure as you think they are, and presents proven best practices for hardening them against more than 25 different attacks.

 

Securing storage is crucial to protecting intellectual property and trade secrets and complying with regulations ranging from Sarbanes-Oxley and HIPAA to Gramm-Leach-Bliley and SEC Rule 17a4. This book offers a complete blueprint for protecting all your storage systems–and all the data stored on them.

 

Most enterprises have failed to adequately address one crucial component of IT security: storage. The storage industry has largely failed to deliver secure solutions, and many IT professionals simply assume that security can be handled elsewhere. The result is a gaping security hole: it’s now far easier for internal attackers to compromise storage devices than to attack applications or operating systems. Now, for the first time, one of the world’s top storage security experts systematically reveals the weaknesses in SAN and NAS security–and offers robust, practical solutions.

 

Drawing on years of leading-edge research, renowned storage architect and security researcher Himanshu Dwivedi explains why SAN and NAS systems have become an open target for unauthorized access and data compromise–and why “security by obscurity” strategies will fail to protect storage, just as they’ve failed elsewhere. Dwivedi offers expert, step-by-step guidance for evaluating your own storage environment, designing security into it, implementing storage security best practices, and optimizing the security settings on any shared storage device. He also presents a full chapter of real-world case studies.

Coverage includes

 

•    Recognizing vulnerabilities that arise from inadequate perimeter security

•    Understanding where attacks on storage devices typically originate

•    Testing storage network security and audit compliance

•    Protecting against SAN attacks: WWN spoofing, name server pollution, session hijacking, zoning hopping, e-port and f-port replication, LUN mask subversion, and more

•    Protecting NAS systems against attacks on Windows CIFS and Unix/Linux NFS protocols

•    Defending against iSCSI attacks, from iQN spoofing to CHAP message reflection and offline password brute forcing

•    Securing individual Fibre Channel and iSCSI SANs, NAS devices, and more

About the Author

Himanshu Dwivedi is a founding partner of iSEC Partners, a digital security services and products organization. Before forming iSEC Partners (http://www.isecpartners.com), Himanshu was the Technical Director for @stake's San Francisco security practice, a leader in application and network security. His professional experience includes application programming, infrastructure security, and secure product design with an emphasis on storage risk assessment.

Himanshu is considered to be an industry expert in storage security. He has been published in major journals, magazines, and news articles regarding his storage security research. Himanshu has been invited to speak at several security and storage conferences in the United States and in Asia, such as Black Hat and Storage Networking World. Although specializing in SAN and NAS security, Himanshu's research includes storage technologies such as Fibre Channel, iSCSI, NFS, and CIFS as well as storage devices such as Fibre Channel switches, host bus adapters, storage controllers, iSCSI initiators, NAS filers, iSNS servers, NAS gateways, and encryption appliances. Himanshu has also written several tools for storage security assessment, including the iSCSI CHAP Password Tester and the Storage Port Scanner.

Himanshu currently has a patent pending on a storage design architecture that he co-developed with other professionals (U.S. Patent Serial No. 10/198,728). The patent is a security design for Fibre Channel storage networks. Himanshu has also published two other books, including Storage Networks: The Complete Reference, the "Security Considerations" chapter (McGraw-Hill/Osborne), and Implementing SSH: Strategies for Optimizing the Secure Shell (Wiley Publishing). Furthermore, Himanshu has also published two security white papers, including "Securing Intellectual Property" (http://www.vsi.org/resources/specs/ippwp310.pdf) and "Storage Security" (http://www.atstake.com/research/reports/acrobat/atstake_storage_networks.pdf).


© Copyright Pearson Education. All rights reserved.


Product Details

  • Hardcover: 560 pages
  • Publisher: Addison-Wesley Professional; 1 edition (November 21, 2005)
  • Language: English
  • ISBN-10: 0321349954
  • ISBN-13: 978-0321349958
  • Product Dimensions: 1.2 x 7.2 x 9.6 inches
  • Shipping Weight: 2.2 pounds
  • Average Customer Review: 4.0 out of 5 stars (5 customer reviews)
  • Amazon Best Sellers Rank: #2,309,502 in Books

Customer Reviews

Most Helpful Customer Reviews
6 of 6 people found the following review helpful
5.0 out of 5 stars an unsettling text to some sysadmins December 18, 2005
Format:Hardcover
The theme of this book is that Storage Area Networks and Network Attached Storage have been hitherto neglected with respect to securing their contents against unauthorised use. Dwivedi remarks that most sysadmins focus on maintaining and securing a corporate firewall. Along with regularly patching users' machines plus web servers. A common attitude is that SAN and NAS devices are at the very heart of the corporate network, and often cannot be directly accessed from outside the firewall.

Dwivedi spends the bulk of his book debunking this idea. For one thing, he points out that a SAN or NAS box is a computer that has to run an operating system. Usually Linux, Unix or Microsoft. A vendor is very unlikely to write a custom operating system from scratch. Too expensive and takes too long to devise. So even if nothing else, you as a sysadmin should regularly patch those boxes if you can, when known bugs are found in their operating systems. These boxes should be no more exempt from patching than your other machines, even those behind the firewall.

Another cause of concern is the sheer mass of data on a SAN or NAS box. Nowadays, likely to be many gigabytes. These are high value targets for an attacker. Whereas a typical user's desktop would have much smaller data sets.

Plus, even with a firewall, there is always the possibility of an employee being an attacker. If she has a machine inside the firewall, then this already gives her a good start. Of course, you might reply that you "lock down" your users' machines, so that they cannot get root access, for example. But the attacker with a Microsoft machine could boot off a Knoppix CD, for example, and go into a Linux that sits only in memory, and for which she has root.
1 of 1 people found the following review helpful
3.0 out of 5 stars Poorly Edited - almost unreadable - but good content February 1, 2007
Format:Hardcover|Verified Purchase
So far the content is good, but the editing is so bad that it leaves the book almost unreadable. I understand there may be a language issue, but give me a break, I am paying $40.00 for a hard cover, professional book, written in English and published by a well known and respected publisher. I believe I should be able to reasonably expect that the grammar is correct and blatant typos are removed - this book looks more like a draft than a final copy. Some sentences are so bad they make no sense, which makes reading the book challenging since you have to skim over the nonsense to extract the useful information.

I gave it a 3 for the content, I would give it a 1 for readability and quality. I will be asking Addison Wesley for my money back on this one.
1 of 1 people found the following review helpful
3.0 out of 5 stars Less storage security, and more network security September 13, 2006
Format:Hardcover
This book is written in very human-friendly language, you can read this book very easily like a magazine. The author divided this book into three parts, and those are NAS security, SAN security and iSCSI security. As the author said in the beginning of this book, this book is only an introduction to storage security, and the author does only that.

When it comes to negative points, the major problem with this book is that the author tells the story again and again. If he explained one point, he will repeat the same thing again and again later. So, out of 400 pages the book has, at the end of the day, you are getting only 100 pages' worth of knowledge.

One more major issue with this book is that the author didn't give sufficient information about the actual storage security protocols like FCSP and others.

Don't expect too much from this book, this book is a very simple and introduction-level book to storage security.
1 of 1 people found the following review helpful
Format:Hardcover
Dwivedi does an excellent job of covering a little-thought-about area of networking that is growing rapidly.

The layout of the book is well thought out and takes the reader thru a step-by-step process of how networked storage is hacked. This is not a book that you would want to read once and expect to have all the answers. Dwivedi has written this book with both the reader and that concept in mind. It contains a vast amount of knowledge about network storage security. There is so much information that memorizing this book would be impossible.

Dwivedi provides the reader with numerous assessment exercises making it easier to understand the large amount of information and techniques presented. It is thoroughly indexed and arranged in a way that allows anyone to access an attack method and reference that process including the downloads with which to attack any chosen vulnerability.

The introduction section of this book gives anyone with little or no network storage knowledge a very concise understanding of risk management, security basics and attack scenarios. It is finalized with a handy question and answer section that helps tie it all together.

Dwivedi covers processes, types of storage and the designs most commonly used in storage networks in great detail. He covers SAN, NAS and iSCSI Security and the ways in which to attack each successfully. Every conceivable attack on network storage and how they are done, including many links to scripts are included for the reader. They show the reader general storage network knowledge and how to audit their own systems for security weaknesses. It gives the reader a very broad overview of the subject with detailed specifics, which helps to understand the technical basis of attacks and how to deter those attacks.