unit 5-SECURING STORAGE INFRASTRUCTURE.PPT
dhanasekar_kongu
101 views
11 slides
Jul 03, 2024
Slide 1 of 11
1
2
3
4
5
6
7
8
9
10
11
About This Presentation
unit 5.SECURING STORAGE INFRASTRUCTURE
Slide Content
UNIT V SECURING STORAGE INFRASTRUCTURE
SECURING STORAGE INFRASTRUCTURE Information security goals, Storage security domains, Threats to a storage infrastructure,Security controls to protect a storage infrastructure, Governance, risk, and compliance, Storage infrastructure management functions , Storage infrastructure management processes .
All information security measures try to address at least one of three goals: Protect the confidentiality of data Preserve the integrity of data Promote the availability of data for authorized use These goals form the confidentiality, integrity, availability (CIA), the basis of all security programs.
In order to identify the threats that apply to a storage network, access paths to data storage can be categorized into three security domains: Application access, management access, and BURA (backup, recovery, and archive).
The application access domain may include only those applications that access the data through the file system or a database interface. Management Access to storage and interconnecting devices and to the data residing on those devices. Management access, whether monitoring, provisioning, or managing storage resources, is associated with every device within the storage environment. Backup, Replication, and Archive Access primarily accessed by storage administrators who configure and manage the environment. Along with the access points in this domain, the backup and replication media also needs to be secured .
Figure 15-2 shows application access in a storage networking environment. Host A can access all V1 volumes; host B can access all V2 volumes. These volumes are classified according to access level, such as confidential, restricted, and public. Some of the possible threat in this scenario could be host A spoofing the identity or elevating the privileges of host B to gain access to host B’s resources. Another threat could be an unauthorized host gain access to the network; the attacker on this host may try to spoof the identity of another host and tamper with data, snoop the network, or execute a DoS attack. Also any form of media theft could also compromise security. SECURING THE APPLICATION ACCESS DOMAIN
SECURING THE MANAGEMENT ACCESS DOMAIN Management access, whether monitoring, provisioning, or managing storage resources, is associated with every device within the storage network.
Figure 15-3 depicts a storage networking environment in which production hosts are connected to a SAN fabric and are accessing storage Array A, which is connected to storage Array B for replication purposes. Further, this configuration has a storage management platform on Host B and a monitoring console on Host A.
SECURING BACKUP, RECOVERY, AND ARCHIVE (BURA) BURA is the third domain that needs to be secured against attack. A backup involves copying the data from a storage array to backup media, such as tapes or disks. Securing BURA is complex and is based on the BURA software accessing the storage arrays.
Figure 15-4 illustrates a generic remote backup design whereby data on a storage array is replicated over a disaster recovery (DR) network to a secondary storage at the DR site .
Download
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 101
- Slides 11
- Age 516 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
44 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
45 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
36 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
33 views
21
Know for Certain
DaveSinNM
19 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
23 views