SECURING FIBRE CHANNEL FABRICS - Brocade

Encrypting Data-at-RestPhysical Security Best Practices Summary• Use separate racks for fabric A and B• Lock cabinets in multi-tenant or sensitive environments• Use separate power circuits for redundant hardwarecomponents• Use a UPS and test and change batteries regularly• Use proper cooling and avoid hot spots• Use power generators and exercise them regularly; establishSLAs with fuel delivery providersOperational Security and ProceduresAccording to several studies, insiders are still responsible for themajority of security breaches through inadvertent mistakes. Thehuman element is the least predictable factor in a production environmentand mistakes are frequent. Mitigating risks associated withhuman error usually involves eliminating the human element wheneverpossible. This can be accomplished through automation of tasksusing scripts, third-party management software, and custom applications.These risks can also be reduced by eliminating the guesswork inoperations by creating detailed and well-documented operationsprocedures.In some organizations, only a single individual understands and knowshow to manage the SAN environment. Again, Murphy's Law will invariablyensure that this one SAN administrator will leave unexpectedly orget hit by the proverbial bus. Properly documented procedures willenable another system administrator to at least perform the essentialfunctions to continue operating the production SAN. It is not necessaryto document every single procedure on the SAN, but the critical tasks,and those that are used frequently, should be documented.Switch configuration files should be backed up frequently, dependingon how often changes are made to the production environment. Thesame applies to syslog and other log files. They should all be backedup automatically to a secure server with restricted access.Securing Fibre Channel Fabrics 115