SECURING FIBRE CHANNEL FABRICS - Brocade

Chapter SummaryInsistent Domain IDIt is possible for a switch to obtain a new domain ID after a reboot, particularlywhen a switch is added to a new fabric or after a massivepower failure. To prevent this from occurring, it is a best practice toassign a domain ID to a switch using an insistent domain ID (IDID).Once it is set, a DID survives reboots or power failures and will neverchange.The insistent domain ID is set using the configure command:• Select y after the Fabric Parameters prompt• Select y again after the Insistent Domain ID Mode promptChapter SummaryWith over 100 security features and more added in every Fabric OSrelease, there are many tools at the disposal of SAN and security professionalsto increase the security level of their SAN environment.Most of these features are relatively simple to implement and do notadd any overhead to the daily management tasks of the SAN administrator.Some features actually simplify management (RADIUS andLDAP), for example, by allowing a SAN administrator to change thepassword for a user in one convenient location as opposed to everyswitch in the SAN.Deciding which FOS security features to implement depends on eachindividual organization's requirements, which includes factors such as:• Specific vulnerabilities• Probability of a vulnerability being exploited• Value of the asset being protected• Cost of implementing the countermeasures• Impact on day-to-day management activitiesOnce these factors are weighed carefully, a SAN security policy can becreated and implemented using appropriate countermeasures.Securing Fibre Channel Fabrics 153