© 2009 EMC Corporation. All rights reserved. EMC Proven Professional The #1 Certification Program in the information storage and management industry Storage.


1 Storage Security and Management, Section 4

2 Section Objectives
Upon completion of this section, you will be able to:
- Define information security
- List the critical security attributes for information systems
- Define storage security domains
- List and analyze the common threats in each domain

3 Securing the Storage Infrastructure (Chapter 15)
Section 4: Storage Security and Management

4 Chapter Objective
Upon completion of this chapter, you will be able to:
- Define storage security
- Discuss storage security framework
- Describe storage security domains
  - Application, Management, Backup Recovery and Archive (BURA)

5 Lesson: Building Storage Security Framework
Upon completion of this lesson, you will be able to:
- Define storage security
- Discuss the elements to build storage security framework
- Security services
- Define Risk triad

6 What is Storage Security?
- Application of security principles and practices to storage networking (data storage + networking) technologies
- Focus of storage security: secured access to information
- Storage security begins with building a framework
[Figure labels: Security, Storage, Networking]

7 Storage Security Framework
- A systematic way of defining security requirements
- Framework should incorporate:
  - Anticipated security attacks
    - Actions that compromise the security of information
  - Security measures
    - Controls designed to protect from these security attacks
- Security framework must ensure:
  - Confidentiality
  - Integrity
  - Availability
  - Accountability

8 Storage Security Framework: Attribute
- Confidentiality
  - Provides the required secrecy of information
  - Ensures only authorized users have access to data
- Integrity
  - Ensures that the information is unaltered
- Availability
  - Ensures that authorized users have reliable and timely access to data
- Accountability
  - Accounting for all events and operations that take place in the data center infrastructure, so that they can be audited or traced later
  - Helps to uniquely identify the actor that performed an action

9 Understanding Security Elements
The Risk Triad: Risk, Threats, Vulnerabilities, Assets
[Figure: relationship diagram. Nodes: Threat Agent; Threat; Vulnerabilities; Asset; Risk; Owner; Countermeasure. Edge labels: wish to abuse and/or may damage; give rise to; that exploit; leading to; to; impose; to reduce; value]

10 Security Elements: Assets
- “Information” – The most important asset
- Other assets
  - Hardware, software, and network infrastructure
- Protecting assets is the primary concern
- Security mechanism considerations:
  - Must provide easy access to information assets for authorized users
  - Make it very difficult for potential attackers to access and compromise the system
  - Should only cost a small fraction of the value of protected asset
  - Should cost a potential attacker more, in terms of money and time

11 Security Elements: Threats
- Potential attacks that can be carried out on an IT infrastructure
  - Passive attacks
    - Attempts to gain unauthorized access into the system
    - Threats to confidentiality of information
  - Active attacks
    - Data modification, Denial of Service (DoS), and repudiation attacks
    - Threats to data integrity and availability

Attack | Confidentiality | Integrity | Availability | Accountability
Access √√
Modification √√√
Denial of Service √
Repudiation √√

12 Security Elements: Vulnerabilities
- Vulnerabilities can occur anywhere in the system
  - An attacker can bypass controls implemented at a single point in the system
  - Requires “defense in depth”
- Failure anywhere in the system can jeopardize the security of information assets
  - Loss of authentication may jeopardize confidentiality
  - Loss of a device jeopardizes availability

13 Security Elements: Vulnerabilities (cont.)
- Understanding Vulnerabilities
  - Attack surface
    - Refers to various access points/interfaces that an attacker can use to launch an attack
  - Attack vectors
    - Series of steps necessary to launch an attack
  - Work factor
    - Amount of time and effort required to exploit an attack vector
- Solution to protect critical assets:
  - Minimize the attack surface
  - Maximize the work factor
  - Manage vulnerabilities
    - Detect and remove the vulnerabilities, or
    - Install countermeasures to lessen the impact

14 Countermeasures to Vulnerability
- Implement countermeasures (safeguards, or controls) in order to lessen the impact of vulnerabilities
- Controls are technical or non-technical
  - Technical
    - Implemented in computer hardware, software, or firmware
  - Non-technical
    - Administrative (policies, standards)
    - Physical (guards, gates)
- Controls provide different functions
  - Preventive
  - Corrective
  - Detective

15 Lesson Summary
Key topics covered in this lesson:
- Storage security
- Storage security framework
  - Security attributes
  - Security elements
  - Security controls

16 Lesson: Storage Security Domains
Upon completion of this lesson, you will be able to:
- Describe the three security domains
  - Application
  - Management
  - Backup & Data Storage
- List the security threats in each domain
- Describe the controls that can be applied

17 Storage Security Domains
[Figure: storage security domains. Labels: Application Access; Management Access; Backup, Recovery & Archive; Secondary Storage; Data Storage; Storage Network]

18 Application Access Domain: Threats
[Figure: application access domain. Components: Host A; Host B; Unauthorized Host; LAN; FC SAN; Array; Volumes V1, V2. Threats shown: spoofing host/user identity; spoofing identity; elevation of privilege; media theft]

19 Securing the Application Access Domain

Controlling User Access to Data
  Threats:
  - Spoofing User Identity (Integrity, Confidentiality)
  - Elevation of User privilege (Integrity, Confidentiality)
  Available Controls:
  - User Authentication (Technical)
  - User Authorization (Technical, Administrative)
  Examples:
  - Strong authentication
  - NAS: Access Control Lists

Controlling Host Access to Data
  Threats:
  - Spoofing Host Identity (Integrity, Confidentiality)
  - Elevation of Host privilege (Integrity, Confidentiality)
  Available Controls:
  - Host and storage authentication (Technical)
  - Access control to storage objects (Technical, Administrative)
  - Storage Access Monitoring (Technical)
  Examples:
  - iSCSI Storage: Authentication with DH-CHAP
  - SAN Switches: Zoning
  - Array: LUN Masking

20 Securing the Application Access Domain

Protecting Data at rest (Encryption)
  Threats:
  - Tampering with data at rest (Integrity)
  - Media theft (Availability, Confidentiality)
  Available Controls:
  - Encryption of data at rest (Technical)
  - Data integrity (Technical)
  - Data erasure (Technical)
  Examples:
  - Storage Encryption Service
  - NAS: Antivirus and File extension control
  - CAS: Content Address
  - Data Erasure Services

Protecting Storage Infrastructure
  Threats:
  - Tampering with data in flight (Integrity)
  - Denial of service (Availability)
  - Network snooping (Confidentiality)
  Available Controls:
  - Infrastructure integrity (Technical)
  - Storage network encryption (Technical)
  Examples:
  - IP Storage: IPSec
  - Fibre Channel: FC-SP (FC Security Protocol)
  - Controlling physical access to Data Center

21 Management Access Domain: Threats
[Figure: management access domain. Components: Storage Management Platform; Console or CLI; Host A; Host B; Production Host; Unauthorized Host; FC Switch; Production Storage Array A; Remote Storage Array B; Storage Infrastructure; LAN. Threats shown: spoofing user identity; elevation of user privilege; spoofing host identity]

22 Securing the Management Access Domain

Controlling Administrative Access
  Threats:
  - Spoofing User / Administrator identity (Integrity)
  - Elevation of User / Administrator privilege (Integrity)
  Available Controls:
  - User Authentication
  - User Authorization
  - Audit (Administrative, Technical)
  Examples:
  - Authentication: Two factor authentication, Certificate Management
  - Authorization: Role Based Access Control (RBAC)
  - Security Information Event Management

Protecting Mgmt Infrastructure
  Threats:
  - Tampering with data (Integrity)
  - Denial of service (Availability)
  - Network snooping (Confidentiality)
  Available Controls:
  - Mgmt network encryption (Technical)
  - Mgmt access control (Administrative, Technical)
  Examples:
  - SSH or SSL over HTTP
  - Encrypted links between arrays and hosts
  - Private management network
  - Disable unnecessary network services

23 BURA Domain: Threats
[Figure: BURA domain. Components: Local Site; DR Site; Storage Array; DR Network; Unauthorized Host. Threats shown: media theft; spoofing DR site identity]

24 Protecting Secondary Storage and Replication Infrastructure
  Threats:
  - Spoofing DR site identity (Integrity, Confidentiality)
  - Tampering with data (Integrity)
  - Network snooping (Integrity, Confidentiality)
  - Denial of service (Availability)
  Available Controls:
  - Primary to Secondary Storage Access Control (Technical)
  - Backup encryption (Technical)
  - Replication network encryption (Technical)
  Examples:
  - External storage encryption services
  - Built in encryption at the software level
  - Secure replication channels (SSL, IPSec)

25 Lesson Summary
Key topics covered in this lesson:
- The three security domains
  - Application
  - Management
  - Backup & Data Storage
- Security threats in each domain
- Security controls

26 Check Your Knowledge
- What are the primary security attributes?
- What are the three data security domains?

27 #1 IT company
For more information visit http://education.EMC.com

