Cisco: Securing Servers with Data Center Switching Products

    This paper discusses techniques and solutions available in premier Cisco data center switching products (Cisco Catalyst 6500 Series LAN switches and Cisco MDS 9000 family SAN switches) that make server farms less vulnerable to threats, whether those threats relate to LANs or SANs.


    Enterprise data centers contain assets, applications, and data that are often the target of electronic attacks. Endpoints such as data center servers are important objectives of malicious attacks and must be protected. Attacks against server farms can result in lost business for e-commerce and business-to-business applications and theft of confidential or proprietary information. Both data networks (LANs) and storage area networks (SANs) need to be secured to reduce the likelihood of these occurrences.


    SANs have traditionally been considered “secure” primarily because SAN deployments have been limited to a subset of a single data center: in essence, an isolated network. This view is simplistic at best; a single compromised host has the potential to disrupt other hosts attached to the SAN, access unauthorized data within the SAN, or bypass existing firewalls and intrusion detection systems if IP over Fibre Channel is being used.


    Today it is not uncommon to find a SAN that spans outside a data center for business continuance and disaster recovery purposes. The adoption of technologies such as Small Computer System Interface over IP (iSCSI) and Fibre Channel over IP (FCIP), which use TCP/IP for the transport, emphasizes the need for SAN security as sensitive information passes over common data networks.