SlideShare a Scribd company logo

unit 5-SECURING STORAGE INFRASTRUCTURE.PPT

Download as PPTX, PDF
D
Dss

The document outlines the importance of securing storage infrastructure, emphasizing three primary information security goals: confidentiality, integrity, and availability. It categorizes access to data storage into three security domains: application access, management access, and backup, recovery, and archive (BURA), each with specific threats and security measures. The discussion includes the complexities of securing these domains against potential threats like unauthorized access and data tampering.

Engineering
1 of 11
Download to read offline
1
2
Most read
3
4
5
6
7
Most read
8
Most read
9
10
11
UNIT V SECURING STORAGE INFRASTRUCTURE
SECURING STORAGE INFRASTRUCTURE Information security goals, Storage security domains, Threats to a storage infrastructure,Security controls to protect a storage infrastructure, Governance, risk, and compliance,Storage infrastructure management functions, Storage infrastructure management processes.
All information security measures try to address at least one of three goals: Protect the confidentiality of data Preserve the integrity of data Promote the availability of data for authorized use • These goals form the confidentiality, integrity, availability (CIA), the basis of all security programs.
• In order to identify the threats that apply to a storage network, access paths to data storage can be categorized into three security domains:  Application access, management access, and BURA (backup, recovery, and archive).
• The application access domain may include only those applications that access the data through the file system or a database interface. • Management Access to storage and interconnecting devices and to the data residing on those devices. Management access, whether monitoring, provisioning, or managing storage resources, is associated with every device within the storage environment. • Backup, Replication, and Archive Access primarily accessed by storage administrators who configure and manage the environment. Along with the access points in this domain, the backup and replication media also needs to be secured.
• Figure 15-2 shows application access in a storage networking environment. Host A can access all V1 volumes; host B can access all V2 volumes.  These volumes are classified according to access level, such as confidential, restricted, and public. Some of the possible threat in this scenario could be host A spoofing the identity or elevating the privileges of host B to gain access to host B’s resources.  Another threat could be an unauthorized host gain access to the network; the attacker on this host may try to spoof the identity of another host and tamper with data, snoop the network, or execute a DoS attack.  Also any form of media theft could also compromise security. SECURING THE APPLICATION ACCESS DOMAIN
unit 5-SECURING STORAGE INFRASTRUCTURE.PPT
SECURING THE MANAGEMENT ACCESS DOMAIN • Management access, whether monitoring, provisioning, or managing storage resources, is associated with every device within the storage network.
• Figure 15-3 depicts a storage networking environment in which production hosts are connected to a SAN fabric and are accessing storage Array A, which is connected to storage Array B for replication purposes. • Further, this configuration has a storage management platform on Host B and a monitoring console on Host A.
SECURING BACKUP, RECOVERY, AND ARCHIVE (BURA) • BURA is the third domain that needs to be secured against attack. A backup involves copying the data from a storage array to backup media, such as tapes or disks. • Securing BURA is complex and is based on the BURA software accessing the storage arrays.
• Figure 15-4 illustrates a generic remote backup design whereby data on a storage array is replicated over a disaster recovery (DR) network to a secondary storage at the DR site.

More Related Content

PPTX
Chapter 15
Ali Broumandnia
 
PPTX
Database Security
ShingalaKrupa
 
PPTX
Database security in database management.pptx
FarhanaMariyam1
 
PPTX
18CSE442 Cloud Security Introduction SRM.pptx
191013607gouthamsric
 
PDF
IA 124 Lecture 01 2022 -23-1.pdf hahahah
flyinimohamed
 
PPTX
Unit -3.pptx cloud Security unit -3 notes
Ramya Nellutla
 
PPTX
Information systems security chapter (5).pptx
jamsibro140
 
PPT
ELNA6eCh24.ppt
RashmiAcharya27
 
Chapter 15
Ali Broumandnia
 
Database Security
ShingalaKrupa
 
Database security in database management.pptx
FarhanaMariyam1
 
18CSE442 Cloud Security Introduction SRM.pptx
191013607gouthamsric
 
IA 124 Lecture 01 2022 -23-1.pdf hahahah
flyinimohamed
 
Unit -3.pptx cloud Security unit -3 notes
Ramya Nellutla
 
Information systems security chapter (5).pptx
jamsibro140
 
ELNA6eCh24.ppt
RashmiAcharya27
 

Similar to unit 5-SECURING STORAGE INFRASTRUCTURE.PPT (20)

PDF
Cyber security
Shreya Acharya
 
PPT
legal and ethical.ppt
Adhisthangurung
 
PPTX
Adbms 46 security and integrity of databases
Vaibhav Khanna
 
PPT
Dbms ii mca-ch12-security-2013
Prosanta Ghosh
 
PPTX
database Security for data security .pptx
KarimAhmed722436
 
PPTX
Data base security & integrity
Pooja Dixit
 
PPTX
Strategies for Developing Breach Resilient Data Lakes
prathamaywork
 
PDF
Computer Network Security study mate.pdf
Dorcask3
 
PDF
UNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdf
KavitaShinde26
 
PDF
Ensuring secure transfer, access and storage over the cloud storage
eSAT Journals
 
PDF
Ensuring secure transfer, access and storage over the cloud storage
eSAT Publishing House
 
PPTX
Database security
Software Engineering
 
PPTX
Database Security, Threats & Countermeasures.pptx
SaqibAhmedKhan4
 
PPT
Lecture 01- What is Information Security.ppt
shahadd2021
 
PPTX
Dummy+SAR+Summary+Report_Final__1.0.pptx
alphacentauri5
 
PPTX
cloud computing security, risks, pros and cons, risk mitigation, challenges
letheyabala
 
PPTX
cloud computing and data security, content level security, pros and cons
letheyabala
 
PPTX
Database security
afzaalkhalid1
 
PDF
Iaetsd secure data storage against attacks in cloud
Iaetsd Iaetsd
 
PDF
Locking Down Your Data: Best Practices for Database Security
FredReynolds2
 
Cyber security
Shreya Acharya
 
legal and ethical.ppt
Adhisthangurung
 
Adbms 46 security and integrity of databases
Vaibhav Khanna
 
Dbms ii mca-ch12-security-2013
Prosanta Ghosh
 
database Security for data security .pptx
KarimAhmed722436
 
Data base security & integrity
Pooja Dixit
 
Strategies for Developing Breach Resilient Data Lakes
prathamaywork
 
Computer Network Security study mate.pdf
Dorcask3
 
UNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdf
KavitaShinde26
 
Ensuring secure transfer, access and storage over the cloud storage
eSAT Journals
 
Ensuring secure transfer, access and storage over the cloud storage
eSAT Publishing House
 
Database security
Software Engineering
 
Database Security, Threats & Countermeasures.pptx
SaqibAhmedKhan4
 
Lecture 01- What is Information Security.ppt
shahadd2021
 
Dummy+SAR+Summary+Report_Final__1.0.pptx
alphacentauri5
 
cloud computing security, risks, pros and cons, risk mitigation, challenges
letheyabala
 
cloud computing and data security, content level security, pros and cons
letheyabala
 
Database security
afzaalkhalid1
 
Iaetsd secure data storage against attacks in cloud
Iaetsd Iaetsd
 
Locking Down Your Data: Best Practices for Database Security
FredReynolds2
 
Ad

More from Dss (10)

DOC
CCS367-STORAGE TECHNOLOGIES QUESTION BANK.doc
Dss
 
PPTX
SoT unit-4-BACKUP, ARCHIVE AND REPLICATION
Dss
 
PPTX
UNIT-III STORAGE Networking Technologies .PPT
Dss
 
PPTX
UNIT II INTELLIGENT STORAGE SYSTEMS AND RAID.pptx
Dss
 
PPTX
CCS367-STORAGE TECHNOLOGIES-UNIT -I.pptx
Dss
 
DOCX
CCS367- STORAGE TECHNOLOGIES SYLLABUS.docx
Dss
 
PPT
CLOUD COMPUTING.ppt
Dss
 
PDF
CCS367-Storage-Technologies-Lecture-Notes-1.pdf
Dss
 
PDF
Cs6402 apr may 2015
Dss
 
DOCX
Unit iv permutations and combinations
Dss
 
CCS367-STORAGE TECHNOLOGIES QUESTION BANK.doc
Dss
 
SoT unit-4-BACKUP, ARCHIVE AND REPLICATION
Dss
 
UNIT-III STORAGE Networking Technologies .PPT
Dss
 
UNIT II INTELLIGENT STORAGE SYSTEMS AND RAID.pptx
Dss
 
CCS367-STORAGE TECHNOLOGIES-UNIT -I.pptx
Dss
 
CCS367- STORAGE TECHNOLOGIES SYLLABUS.docx
Dss
 
CLOUD COMPUTING.ppt
Dss
 
CCS367-Storage-Technologies-Lecture-Notes-1.pdf
Dss
 
Cs6402 apr may 2015
Dss
 
Unit iv permutations and combinations
Dss
 
Ad

Recently uploaded (20)

PDF
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
ryankakungu
 
PPTX
Construction Project Organization Group 2.pptx
vj5agdales
 
PPTX
IOT PPTs Week 10 Lecture Material.pptx of NPTEL Smart Cities contd
ssusera400e8
 
PPT
CRASH COURSE IN ALTERNATIVE PLUMBING CLASS
rene militante
 
PDF
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
IJCNCJournal
 
PPTX
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Alberto González Trastoy
 
PPTX
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
PDF
TFEC-4-2020-Design-Guide-for-Timber-Roof-Trusses.pdf
AinieButt1
 
PDF
Digital Logic Computer Design lecture notes
CHINNASUNKAIAH1
 
PDF
PPT on Performance Review to get promotions
prashant593122
 
PDF
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
PPT
Mechanical Engineering MATERIALS Selection
arsalanahmad705384
 
PPTX
Lecture Notes Electrical Wiring System Components
eedgecbhojpur
 
PPTX
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
PPTX
Welding lecture in detail for understanding
sahilpoonia10
 
PPT
Project quality management in manufacturing
BarMusaTetik
 
PDF
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
PDF
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
PPTX
CYBER-CRIMES AND SECURITY A guide to understanding
Davies Chacko
 
DOCX
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
AYUSHMANAV
 
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
ryankakungu
 
Construction Project Organization Group 2.pptx
vj5agdales
 
IOT PPTs Week 10 Lecture Material.pptx of NPTEL Smart Cities contd
ssusera400e8
 
CRASH COURSE IN ALTERNATIVE PLUMBING CLASS
rene militante
 
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
IJCNCJournal
 
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Alberto González Trastoy
 
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
TFEC-4-2020-Design-Guide-for-Timber-Roof-Trusses.pdf
AinieButt1
 
Digital Logic Computer Design lecture notes
CHINNASUNKAIAH1
 
PPT on Performance Review to get promotions
prashant593122
 
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
Mechanical Engineering MATERIALS Selection
arsalanahmad705384
 
Lecture Notes Electrical Wiring System Components
eedgecbhojpur
 
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
Welding lecture in detail for understanding
sahilpoonia10
 
Project quality management in manufacturing
BarMusaTetik
 
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
CYBER-CRIMES AND SECURITY A guide to understanding
Davies Chacko
 
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
AYUSHMANAV
 

unit 5-SECURING STORAGE INFRASTRUCTURE.PPT

  • 1. UNIT V SECURING STORAGE INFRASTRUCTURE
  • 2. SECURING STORAGE INFRASTRUCTURE Information security goals, Storage security domains, Threats to a storage infrastructure,Security controls to protect a storage infrastructure, Governance, risk, and compliance,Storage infrastructure management functions, Storage infrastructure management processes.
  • 3. All information security measures try to address at least one of three goals: Protect the confidentiality of data Preserve the integrity of data Promote the availability of data for authorized use • These goals form the confidentiality, integrity, availability (CIA), the basis of all security programs.
  • 4. • In order to identify the threats that apply to a storage network, access paths to data storage can be categorized into three security domains:  Application access, management access, and BURA (backup, recovery, and archive).
  • 5. • The application access domain may include only those applications that access the data through the file system or a database interface. • Management Access to storage and interconnecting devices and to the data residing on those devices. Management access, whether monitoring, provisioning, or managing storage resources, is associated with every device within the storage environment. • Backup, Replication, and Archive Access primarily accessed by storage administrators who configure and manage the environment. Along with the access points in this domain, the backup and replication media also needs to be secured.
  • 6. • Figure 15-2 shows application access in a storage networking environment. Host A can access all V1 volumes; host B can access all V2 volumes.  These volumes are classified according to access level, such as confidential, restricted, and public. Some of the possible threat in this scenario could be host A spoofing the identity or elevating the privileges of host B to gain access to host B’s resources.  Another threat could be an unauthorized host gain access to the network; the attacker on this host may try to spoof the identity of another host and tamper with data, snoop the network, or execute a DoS attack.  Also any form of media theft could also compromise security. SECURING THE APPLICATION ACCESS DOMAIN
  • 8. SECURING THE MANAGEMENT ACCESS DOMAIN • Management access, whether monitoring, provisioning, or managing storage resources, is associated with every device within the storage network.
  • 9. • Figure 15-3 depicts a storage networking environment in which production hosts are connected to a SAN fabric and are accessing storage Array A, which is connected to storage Array B for replication purposes. • Further, this configuration has a storage management platform on Host B and a monitoring console on Host A.
  • 10. SECURING BACKUP, RECOVERY, AND ARCHIVE (BURA) • BURA is the third domain that needs to be secured against attack. A backup involves copying the data from a storage array to backup media, such as tapes or disks. • Securing BURA is complex and is based on the BURA software accessing the storage arrays.
  • 11. • Figure 15-4 illustrates a generic remote backup design whereby data on a storage array is replicated over a disaster recovery (DR) network to a secondary storage at the DR site.