From the Back Cover
Systematically address your #1 enterprise security gap: storage
Securing Storage is an indispensable resource for every storage and security professional, and for anyone responsible for IT infrastructure, from architects and network designers to administrators.
You’ve invested heavily in securing your applications, operating systems, and network infrastructure. But you may have left one crucial set of systems unprotected: your SAN, NAS, and iSCSI storage systems. Securing Storage reveals why these systems aren’t nearly as secure as you think they are, and presents proven best practices for hardening them against more than 25 different attacks.
Securing storage is crucial to protecting intellectual property and trade secrets and complying with regulations ranging from Sarbanes-Oxley and HIPAA to Gramm-Leach-Bliley and SEC Rule 17a4. This book offers a complete blueprint for protecting all your storage systems–and all the data stored on them.
Most enterprises have failed to adequately address one crucial component of IT security: storage. The storage industry has largely failed to deliver secure solutions, and many IT professionals simply assume that security can be handled elsewhere. The result is a gaping security hole: it’s now far easier for internal attackers to compromise storage devices than to attack applications or operating systems. Now, for the first time, one of the world’s top storage security experts systematically reveals the weaknesses in SAN and NAS security–and offers robust, practical solutions.
Drawing on years of leading-edge research, renowned storage architect and security researcher Himanshu Dwivedi explains why SAN and NAS systems have become an open target for unauthorized access and data compromise–and why “security by obscurity” strategies will fail to protect storage, just as they’ve failed elsewhere. Dwivedi offers expert, step-by-step guidance for evaluating your own storage environment, designing security into it, implementing storage security best practices, and optimizing the security settings on any shared storage device. He also presents a full chapter of real-world case studies.
• Recognizing vulnerabilities that arise from inadequate perimeter security
• Understanding where attacks on storage devices typically originate
• Testing storage network security and audit compliance
• Protecting against SAN attacks: WWN spoofing, name server pollution, session hijacking, zoning hopping, e-port and f-port
replication, LUN mask subversion, and more
• Protecting NAS systems against attacks on Windows CIFS and Unix/Linux NFS protocols
• Defending against iSCSI attacks, from iQN spoofing to CHAP message reflection and offline password brute forcing
• Securing individual Fibre Channel and iSCSI SANs, NAS devices, and more
About the Author
Himanshu Dwivedi is a founding partner of iSEC Partners, a digital security services and products organization. Before forming iSEC Partners (http://www.isecpartners.com), Himanshu was the Technical Director for @stake's San Francisco security practice, a leader in application and network security. His professional experience includes application programming, infrastructure security, and secure product design with an emphasis on storage risk assessment.
Himanshu is considered to be an industry expert in storage security. He has been published in major journals, magazines, and news articles regarding his storage security research. Himanshu has been invited to speak at several security and storage conferences in the United States and in Asia, such as Black Hat and Storage Networking World. Although specializing in SAN and NAS security, Himanshu's research includes storage technologies such as Fibre Channel, iSCSI, NFS, and CIFS as well as storage devices such as Fibre Channel switches, host bus adapters, storage controllers, iSCSI initiators, NAS filers, iSNS servers, NAS gateways, and encryption appliances. Himanshu has also written several tools for storage security assessment, including the iSCSI CHAP Password Tester and the Storage Port Scanner.
Himanshu currently has a patent pending on a storage design architecture that he co-developed with other professionals (U.S. Patent Serial No. 10/198,728). The patent is a security design for Fibre Channel storage networks. Himanshu has also published two other books, including Storage Networks: The Complete Reference, the "Security Considerations" chapter (McGraw-Hill/Osborne), and Implementing SSH: Strategies for Optimizing the Secure Shell (Wiley Publishing). Furthermore, Himanshu has also published two security white papers, including "Securing Intellectual Property" (http://www.vsi.org/resources/specs/ippwp310.pdf) and "Storage Security" (http://www.atstake.com/research/reports/acrobat/atstake_storage_networks.pdf).
© Copyright Pearson Education. All rights reserved.