Tighter security for IP ports
Tighter security for IP ports
The SNIA (The Storage Networking Industry Association) has released new best practice guidelines which aim to educate end users on how to protect their IP management ports in storage networks from the minimum level of security risks.
The "Minimum Security Requirements and Best Practices for IP Management Ports in Storage Networks" guidelines outline features which users should request from suppliers to make sure that their IP ports are guarded from threats such as hacking, hijacking, unauthorised access, viruses and spoofing.
Mike Alvarado, chair of the SNIA Storage Security Industry Forum said. "As storage are networks scale in size and reach, end users unknowingly open up their data centre to more vulnerabilities and threats more than they may have fully understood to date. Many end users have used separate data centre management networks that are not connected to the corporate network, which has been a reasonable solution. What has changed is that this separation has become less effective as more storage networks and devices are directly connected to global data networks.
"To address this issue, the SSIF has generated a technical note which applies to current best practices from the IP security arena to storage networking devices for the purpose of improving infrastructure security."
Key requirements include:
* Requesting details of how storage products are hardened against the vulnerability of IP threats.
* Vendors need to supply details of whether their products comply with industry security requirements.
* Request details from Vendors about certification that their products do not have IP security vulnerabilities.
Neil Campbell, the national security practice manager for Dimension Data Australia, a supplier of IP ports, said that these guidelines are welcome and are a long time in coming. "We need industry wide guidelines like these to ensure a greater level of accountability to the end users on the part of the suppliers. If our clients have more information and ask more of us in terms of security, then that puts pressure on us to meet their requirements and satisfy their needs. Approaches like this wakes up the competition and drives us towards providing higher quality goods to our customers, which we are all in favour of.
"In every environment, I think it is essential to make sure all aspects of security are up to a higher standard. Without taking a planned approach to security, then you leave yourself open to attack. So if network storage is your week link in security, then if you compromise this area, you end up corrupting all other areas of security too. Its best to have all areas of your system at a very high level of security, and these guidelines will ensure that security measures meet a minimum standard."
Click here to see the full technical note about best practices.
Related Article: