SECURING FIBRE CHANNEL FABRICS - Brocade

More documents

Recommendations

Info

ContentsIsolation and Separation ............................................................................15Logging and Change Management ...........................................................18Fabric-Based Encryption ....................................................................................19FIPS Mode ...................................................................................................19Other FC Security Features ........................................................................21Chapter Summary ...............................................................................................23Chapter 9: Compliance and Storage ......................................................1Payment Card Industry Data Security Standard (PCI-DSS) ................................1Breach Disclosure Laws .......................................................................................4Health Insurance Portability and Accountability Act (HIPAA) .............................6Gramm-Leach-Bliley Act (GLBA) ...........................................................................7Sarbanes-Oxley Act (SOX) .....................................................................................8Export Laws for Cryptographic Products .............................................................8Federal Information Processing Standards (FIPS) ..............................................9Security Level 1 ..........................................................................................10Security Level 2 ..........................................................................................10Security Level 3 ..........................................................................................10Security Level 4 ..........................................................................................11FIPS Process ...............................................................................................11Common Criteria (CC) .........................................................................................11Evaluation Assurance Levels (EAL) ............................................................12Defense Information Systems Agency (DISA) ...................................................13Federal Information Security Management Act (FISMA) ..................................14Chapter Summary ...............................................................................................14Chapter 10: Other SAN Security Topics ..................................................1iSCSI ......................................................................................................................1FCoE/DCB .............................................................................................................2The Future of Key Management ..........................................................................3OASIS and KMIP ...........................................................................................3Chapter 11: Brocade Data Encryption Products ...................................1Brocade Encryption for Data-At-Rest ...................................................................1Brocade Encryption Switch ..........................................................................2Brocade FS8-18 Encryption Blade ..............................................................4Brocade Encryption Features ..............................................................................6Brocade Encryption Process ........................................................................7Clustering and Availability ............................................................................9Redundant Key Vaults ................................................................................13Brocade Encryption Internals ............................................................................16Encryption FPGA Complex ..........................................................................17Security Processor + TRNG ........................................................................18Battery .........................................................................................................18Control Processor (CP) ...............................................................................18Blade Processor (BP) ..................................................................................18Condor 2 ASIC .............................................................................................18Design and Implementation Best Practices .....................................................19xiiSecuring Fibre Channel Fabrics
ContentsManagement Interfaces .............................................................................19Availability ...................................................................................................20Clustering ....................................................................................................20Redundant Key Vaults ................................................................................20Encrypting Disk Storage .............................................................................21Performance ...............................................................................................21First-Time Encryption and Rekeying Operations .......................................21Other Best Practices ...................................................................................22Brocade Encryption for Data-In-Flight ...............................................................23Brocade 7800 and FX8-24 ........................................................................23Data-at-Rest Solution for Data-In-Flight Problem .....................................23Chapter Summary ...............................................................................................25FCIA ........................................................................................................................1IEEE .......................................................................................................................1ANSI T11 ...............................................................................................................2SNIA .......................................................................................................................2IETF ........................................................................................................................3OASIS .....................................................................................................................3Securing Fibre Channel Fabricsxiii
Page 1 and 2: SECURINGFIBRECHANNELFABRICSSECOND E
Page 3: SECURINGFIBRECHANNELFABRICSSECOND E
Page 6 and 7: © 2012 Brocade Communications Syst
Page 8 and 9: viSecuring Fibre Channel Fabrics
Page 10 and 11: viiiSecuring Fibre Channel Fabrics
Page 12 and 13: ContentsChapter 4: Security Basics
Page 16 and 17: ContentsxivSecuring Fibre Channel F
Page 18 and 19: Chapter 1: Introduction• The Euro
Page 20 and 21: Chapter 1: IntroductionThe SAN Secu
Page 22 and 23: Chapter 1: IntroductionInternet sta
Page 24 and 25: Chapter 1: Introductionoften, the s
Page 26 and 27: Chapter 2: SAN Security MythsSAN Se
Page 29 and 30: SAN Security Myth Number 5SAN Test
Page 31 and 32: SAN Security Myth Number 6To demons
Page 33 and 34: SAN Security Myth Number 7SAN Secur
Page 35 and 36: SAN Basics for SecurityProfessional
Page 37 and 38: Evolution of the FC ProtocolTable 1
Page 39 and 40: Fibre Channel BasicsTable 2. FC pro
Page 41 and 42: Fibre Channel BasicsFC FabricsFC fa
Page 43 and 44: Fibre Channel BasicsType Category N
Page 45 and 46: FC Fabric Features and ServicesAn F
Page 47 and 48: FC Fabric Features and Servicesing
Page 49 and 50: FC Fabric Features and ServicesWhen
Page 51 and 52: FC Fabric Features and ServicesAnd
Page 53 and 54: FC Fabric Features and ServicesSwit
Page 55 and 56: FC Fabric Features and ServicesAs c
Page 57 and 58: FC Fabric Features and ServicesSwit
Page 59 and 60: FC Fabric Features and Servicesothe
Page 61 and 62: Security Basics forStorage Professi
Page 63 and 64: Security Modelshave enacted such le
Page 65 and 66:
Security Modelssures must be taken
Page 67 and 68:
Types of ThreatsTypes of ThreatsA t
Page 69 and 70:
Types of ThreatsOne significant thr
Page 71 and 72:
Types of Threatsside attacks such t
Page 73 and 74:
Types of Threatsences from previous
Page 75 and 76:
AttacksAttacksAttackers have many o
Page 77 and 78:
Attackstion between the two parties
Page 79 and 80:
Identification and AuthenticationBi
Page 81 and 82:
Physical SecurityOne challenge with
Page 83 and 84:
Physical SecurityPhysical access co
Page 85 and 86:
Information Disposal and Sanitizati
Page 87 and 88:
Chapter SummaryAlgorithm Passes Des
Page 89 and 90:
Elementary Cryptography5This chapte
Page 91 and 92:
Common Cryptography TermsHere are s
Page 93 and 94:
Symmetric vs. Asymmetric Cryptograp
Page 95 and 96:
Cryptographic Algorithms• Range o
Page 97 and 98:
Cryptographic AlgorithmsHashing alg
Page 99 and 100:
Modes of Operationencryption proces
Page 101 and 102:
Modes of OperationRSAAt around the
Page 103 and 104:
Key ManagementSSL can be used with
Page 105 and 106:
Key ManagementBrocade Encryption De
Page 107 and 108:
FC Security Best Practices6In previ
Page 109 and 110:
The Brocade SAN Security ModelThe m
Page 111 and 112:
The Brocade SAN Security ModelStora
Page 113 and 114:
The Brocade SAN Security ModelChann
Page 115 and 116:
The Brocade SAN Security Modelrestr
Page 117 and 118:
The Brocade SAN Security Modeltem a
Page 119 and 120:
The Brocade SAN Security ModelPassw
Page 121 and 122:
The Brocade SAN Security ModelData
Page 123 and 124:
The Brocade SAN Security ModelWith
Page 125 and 126:
Encrypting Data-in-FlightEncrypting
Page 127 and 128:
Encrypting Data-at-RestEncrypting D
Page 129 and 130:
Encrypting Data-at-Restand disk dev
Page 131 and 132:
Encrypting Data-at-RestPhysical Sec
Page 133 and 134:
Encrypting Data-at-RestTraining and
Page 135 and 136:
Chapter SummaryChapter SummaryAltho
Page 137 and 138:
Deploying SAN-AttachedDevices in a
Page 139 and 140:
Securing the Servers in the DMZpoli
Page 141 and 142:
Securing the Storage DevicesFor exa
Page 143 and 144:
Securing the Storage DevicesInterne
Page 145 and 146:
Auditing and Assessing the SANAudit
Page 147 and 148:
Securing FOS-Based Fabrics8When it
Page 149 and 150:
Securing Management InterfacesThe f
Page 151 and 152:
Securing Management InterfacesThe t
Page 153 and 154:
Securing Management InterfacesFilte
Page 155 and 156:
Securing Management InterfacesThe f
Page 157 and 158:
Securing Management Interfacesadmin
Page 159 and 160:
FC-Specific SecurityFC-Specific Sec
Page 161 and 162:
FC-Specific SecurityBrocade-support
Page 163 and 164:
FC-Specific SecurityTo prevent this
Page 165 and 166:
Fabric-Based Encryptionthe Brocade
Page 167 and 168:
Fabric-Based Encryption3. (LDAP onl
Page 169 and 170:
Chapter SummaryInsistent Domain IDI
Page 171 and 172:
Compliance and Storage9Certainly, m
Page 173 and 174:
Payment Card Industry Data Security
Page 175 and 176:
Breach Disclosure LawsThe precedent
Page 177 and 178:
Gramm-Leach-Bliley Act (GLBA)vides
Page 179 and 180:
Federal Information Processing Stan
Page 181 and 182:
Common Criteria (CC)allow different
Page 183 and 184:
Defense Information Systems Agency
Page 185 and 186:
Other SAN Security Topics10SAN secu
Page 187 and 188:
The Future of Key ManagementThe Fut
Page 189 and 190:
Brocade Data EncryptionProducts11Br
Page 191 and 192:
Brocade Encryption for Data-At-Rest
Page 193 and 194:
Brocade Encryption for Data-At-Rest
Page 195 and 196:
Brocade Encryption Features• Data
Page 197 and 198:
Brocade Encryption FeaturesThe next
Page 199 and 200:
Brocade Encryption FeaturesDEK clus
Page 201 and 202:
Brocade Encryption Featuresthe DEK
Page 203 and 204:
Brocade Encryption FeaturesThe foll
Page 205 and 206:
Brocade Encryption InternalsFigure
Page 207 and 208:
Design and Implementation Best Prac
Page 209 and 210:
Design and Implementation Best Prac
Page 211 and 212:
Brocade Encryption for Data-In-Flig
Page 213 and 214:
Chapter SummarySite ACiphertextSite
Page 215 and 216:
Fabric OS SecurityFeatures MatrixAL
Page 217 and 218:
Security FeatureFOS2.xFOS3.xFOS4.x+
Page 219 and 220:
Security FeatureFOS2.xFOS3.xFOS4.x+
Page 221 and 222:
Standards Bodies andOther Organizat
Page 223 and 224:
IETFSpecifically, the SNIA Security
Page 225 and 226:
IndexNumerics3DES 4Aaccess control
Page 227 and 228:
Indexhuman threat 9Iidentification
show all

SECURING FIBRE CHANNEL FABRICS - Brocade

Create successful ePaper yourself

Delete template?

Save as template?