
Computer System Security

Section 9.0

protocol service or other protocol/service that is not explicitly permitted (i.e., deny by default). Inbound services shall be prohibited unless a valid business case establishes their necessity. See Section 9.3.16.5, Boundary Protection (SC-7). Additional network protection requirements are available on the Office of Safeguards website.

9.4.11 Storage Area Networks

Background

A storage area network (SAN) is a network whose purpose is to transfer data among information systems and storage elements at high speed. SANs achieve economies of scale by eliminating the need to manage storage from multiple vendors and platforms separately. The typical components of a SAN can be broken down into the host layer, the fabric layer, and the storage layer, which together comprise the networking infrastructure, the management devices that organize connections, the storage devices/elements, and the client computer systems. The storage layer, where FTI resides, comprises physical disk drives, disk arrays, tape libraries, and other storage media.

The SAN components most vulnerable to attack are the connection points between servers, management devices, and IP-based devices. The fundamental issues are that most SAN protocols do not require device authentication, and that it is relatively simple for an unauthorized device to join the SAN fabric using spoofing and session hijacking techniques. Device authentication (Requirement c below) and encryption of both data and management traffic (Requirement d) are the controls that directly address these two weaknesses.

Requirements

To use FTI in a SAN environment, the agency must meet the following mandatory requirements:

a. FTI must be segregated from other agency data within the SAN environment.

b. Access controls must be implemented and strictly enforced for all SAN components to limit access to disks containing FTI to authorized users.

c. Fibre Channel devices must be configured to authenticate the other devices with which they communicate in the SAN, and to authenticate administrator connections.

d. FTI must be encrypted while in transit within the SAN environment. SAN management traffic must also be encrypted for all SAN components.

e. SAN components must be physically protected in accordance with the minimum protection standards for physical security described in Section 4.0, Secure Storage (IRC 6103(p)(4)(B)).

f. All components of the SAN that receive, process, store, or transmit FTI must be hardened in accordance with the requirements in this publication (see the SAN SCSEM available on the Office of Safeguards website).

g. An audit trail must be maintained for the SAN components and reviewed on a regular basis to track access to FTI in the SAN environment.
Publication 1075 (January 2014) Page 104
