Storage Area Network (SAN) Security and Performance

Storage Area Network (SAN) Security and Performance

MASTER THESIS Evaluation of Storage Area Network (SAN) Security and Performance Master Thesis in Computer Network Engineering November 2013 Author: Siavash Hajirostam Supervisor: Tony Larsson Examiner: Tony Larsson __________________________________ School of Information Science, Computer and Electrical Engineering Halmstad University PO Box 823, SE-301 18 HALMSTAD Sweden Evaluation of Storage Area Network (SAN) Security and Performance Siavash Hajirostam © Copyright Siavash Hajirostam, 2013. All rights reserved. Master thesis report IDE 1325 School of Information Science, Computer and Electrical Engineering Halmstad University Preface I would like to express my appreciation to my supervisor, Professor Tony Larsson, for the many useful discussions, comments and suggestions on this thesis and also my thanks go to the staff of Halmstad University for giving me the opportunity to study in the computer network engineering program. Finally, my special thanks to my family for their encouragement and support during my stud ies. Siavash Hajirostam Halmstad, November 2013 i Abstract Due to growing the number of Information Technology (IT) users all around the world, consequently the amount of data that needs to be stored is increasing day by day. Single attached disks and old storage technologies cannot manage the storing these amounts of data. Storage Area Network (SAN) is a distributed storage technology to manage the data from several nodes in centralize place and secure. This thesis investigates how SAN works, the file system and protocols that are used in implementation of SAN. The thesis also investigate about other storages technologies such as Network Attached Storage (NAS) and Direct Attached Storage (DAS) to figure out the advantages and disadvantages of SAN , The main focus of the thesis project is on identifying the security vulnerabilities in SAN such as possible attacks in different SAN protocols. The thesis finally identifies the performance factors in SAN to figure out how to improve the performance with respect to security solutions aimed to enhance the security level in SAN. iii Contents Preface ..................................................................................................................................... i Abstract ................................................................................................................................ iii 1 Introduction .................................................................................................................... 1 1.1 Societal and Ethical Aspects of SAN Technology ...................................................... 1 1.2 Problem ................................................................................................................................. 1 1.3 Thesis Goals .......................................................................................................................... 2 1.4 Thesis Questions ................................................................................................................. 2 1.5 Thesis Methodology ........................................................................................................... 2 1.6 Thesis Structure .................................................................................................................. 2 2 Background ..................................................................................................................... 3 2.1 Storage Area Network (SAN) ........................................................................................... 3 2.1.1 Storage Area Network objectives ........................................................................................ 3 2.1.2 SAN File System .......................................................................................................................... 5 2.2 Storage Area Network protocols ................................................................................... 6 2.2.1 Fibre Channel protocol (FC) .................................................................................................. 6 2.2.2 Fibre Channel Layers ................................................................................................................ 7 2.2.3 Naming Mechanism in FC ....................................................................................................... 9 2.2.4 Internet Small Computer System Interface (iSCSI) ..................................................... 9 2.3 Internet protocol over fibre channel SAN ................................................................11 2.3.1 Fibre Channel over IP (FCIP) ............................................................................................. 12 2.3.2 Internet Fibre Channel Protocol (iFCP) ......................................................................... 12 2.3.3 Internet Storage Name Services (iSNS) ......................................................................... 13 2.4 ATA over Ethernet (AOE) ...............................................................................................13 2.5 Fibre Optic Cables .............................................................................................................13 2.5.1 Host Bus Adapter (HBA) ...................................................................................................... 13 2.6 Network Attached Storages (NAS) ..............................................................................14 2.7 Direct Attached Storage (DAS) .....................................................................................14 3 Storage Area Network security issues ................................................................ 15 3.1 Storage Area Network access control ........................................................................15 3.2 Fibre Channel Storage Area Network attacks .........................................................16 3.2.1 Session hijacking attack ....................................................................................................... 17 3.2.2 Address Weakness attack .................................................................................................... 17 3.2.3 Man-In-The-Middle attack .................................................................................................. 17 3.2.4 Name Server Pollution attack ............................................................................................ 18 3.3 Internet Small Computer System Interface attacks ..............................................18 3.3.1 Man-in-the-middle Attack ................................................................................................... 18 3.3.2 Internet Simple Name Server Domain Hopping ......................................................... 19 3.3.3 Authentication Attack ........................................................................................................... 19 3.4 Fibre Channel security solutions .................................................................................19 3.4.1 Fibre Channel Zoning ............................................................................................................ 20 3.4.2 Logical Unit Number masking ........................................................................................... 21 v 3.4.3 Port Binding .............................................................................................................................. 21 3.5 Internet Small Computer System Interface SAN security solutions ...............21 3.5.1 Challenge Hand Shake protocol ........................................................................................ 22 3.5.2 Remote Authentication Dial In User Services server ............................................... 22 3.5.3 Kerberos V5 protocol ............................................................................................................ 22 3.6 Results comparison ..........................................................................................................23 4 Storage area network performance .................................................................... 24 4.1 Storage Area Network performance aspects ..........................................................24 4.1.1 Storage performance metrics ............................................................................................ 24 4.1.2 Redundant Array of Independent Disks ........................................................................ 25 4.2 Internet Small Computer System Interface SAN performance .........................25 4.2.1 TCP Offload Engine (TOE) ................................................................................................... 26 4.2.2 Back up task performance in iSCSI SAN ........................................................................ 26 4.2.3 Caching in Storage Area Network .................................................................................... 26 4.3 Fibre channel performance .............................................................................................27 4.3.1 Performance comparison of SSL and IP Sec................................................................. 28 4.4 Results comparison ............................................................................................................29 5 Conclusion .................................................................................................................... 31 6 References ...................................................................................................................

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    59 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us