Networked storage presents additional security vulnerabilities, and protection may require multiple layers of security protection.
By Gary Sevounts
Two years ago, it was defense-in-depth. Last year, it was cyber terrorism. Now a new topic is raising quite a few eyebrows in IT organizations: storage security. Until recently, they were independent issues. Today, however, the phrase "storage security" marks an evolution in the way data is stored and protected.
Enterprise storage used to exist in a relatively fixed and controlled environment, usually attached directly to servers. As far as the IT administrator was concerned, there was only one way into the stored data: Protect the application server from intrusion, and you protect the data.
Today, however, enterprises are migrating to networked storage to save costs, and the threat to storage security is becoming a reality. With shared network resources, there's no longer just one point of entry to silos of stored data but, rather, multiple paths to a collection of consolidated storage data.
Two themes run through Symantec's recent Internet Security Threat Report. First, the number of new security vulnerabilities has increased substantially over the past year; according to the report, 81.5% more vulnerabilities were discovered in 2002 than in 2001.
Second, "blended threats" continue to present the greatest risk to the Internet community; according to the report, three blended threats (Klez, Bugbear, and Opaserv) were the source of 80% of malicious code submissions to Symantec Security Response during the last half of 2002. ("Blended threats" are attacks that use multiple methods and techniques to spread rapidly across the Internet.)
So far, blended threats have exploited only a fraction of the documented vulnerabilities. Further, because past blended threats were able to successfully exploit vulnerabilities that were known for several months, it is likely that many recently discovered vulnerabilities will remain attractive targets for future threats.
While security threats are mounting and vulnerabilities multiplying, organizations are increasingly deploying network-attached storage (NAS). In fact, research indicates that more than 70% of storage will be networked by 2005. Driving this growth is the promise of increased productivity, enhanced resource utilization, and higher return on investment.
Security and NAS
Preventing or recovering from security incidents in NAS environments is a challenge. With server consolidation, if someone gains unauthorized access to one type of data, he's gained access to all types of data. If a virus infects a file on a NAS device, it can spread to the rest of the files in the NAS environment. Further, if the virus isn't identified and eradicated immediately, every time NAS data is backed up the virus can begin a cycle of re-infection.
There is a great deal of uncertainty among IT managers when it comes to dealing with storage security. Because it is such a new area, there hasn't been a common dialogue or education effort within the industry to help IT personnel understand the issues and devise best practices. Consequently, they are left somewhere between simply applying default security and implementing recommendations that might secure NAS.
Many of the security tools that are commonly used in today's enterprise infrastructures can be effective in securing NAS. Used in combination, these solutions secure NAS by protecting devices from Internet-borne threats, ensuring authorized user access to the devices, and securing data on NAS devices.
To safeguard NAS servers from threats that might enter through the Internet, several layers of security are recommended. First, a firewall should be installed between NAS devices and the Internet.
Network-based intrusion detection systems (NIDS) provide a second layer of protection; for best results, an IDS that provides protocol anomaly detection is recommended. This technology enables the IDS to detect even unknown attacks for which signatures are not yet available. And, due to higher data transfers in storage environments, support for high-speed, multi-gigabit networks is recommended to keep performance levels high. Third, vulnerability assessment software identifies vulnerabilities in NAS servers and prioritizes and fixes them.
Authentication, encryption, and authorization are effective tools for making sure that unauthorized users are denied access to NAS devices.
User rights must be carefully defined, and users must be required to prove their identity before being able to access and transmit data to and from NAS servers.
Device access is not all that requires protecting, as storage data must also be secured. Files must be scanned for malicious code in order to identify and eradicate viruses, worms, and Trojan horses that might infect—and re-infect—the system if left undetected. In addition, an IDS installed on the NAS device itself can catch attacks on the system.
Further, a new class of security solutions has emerged to inform IT administrators of approaching security threats before they affect operations. These early warning systems are proactive tools that work by gathering data from security sensors around the world and then quickly analyze that data to identify impending threats. Using a combination of automation and human expertise, attack patterns and trends are discerned and tracked. Countermeasures are developed and passed immediately to enable organizations to prepare for and prevent threats.
An optimal storage security posture is one that drives education of the current dilemma among IT managers and takes into account proven tools for securing IT infrastructures. By fully addressing storage security challenges, organizations can reduce the costs of their enterprise storage protection and lower risks while improving security resource allocation and reducing inefficiencies.
Gary Sevounts is director of solutions marketing in Symantec (www.symantec.com) in Cupertino, CA.