
Brocade FC Switch Advance Security Features — Concept

A SAN is subject to numerous potential vulnerabilities. The diagram below illustrates common SAN threat points.
SAN threat types fall loosely into three categories:
· Device-to-switch traffic
· Inter-switch communication
· Traffic to or from fabric devices

The table below illustrates the risk exposure that these scenarios can introduce into enterprise security management, organized by the security attribute each one undermines.

| Security attribute | Definition | Risk exposure |
| --- | --- | --- |
| Integrity | Protecting data from unauthorized, unanticipated, or unintentional modification | The fabric OS performs no significant integrity checking on configuration files. |
| Availability | Ensuring that resources are accessible on a timely basis when needed | Limited lockdown of access to the switches poses a greater risk of DoS attacks, physical access problems (such as powering the switches off), and other fabric-wide disruptions. |
| Confidentiality | Protecting information from unauthorized disclosure | The fabric OS uses no encryption on traffic to or from the SAN. |
| Authentication | Proving that an entity is in fact who it claims to be | The fabric OS uses a weak, “clear text” username/password combination to authenticate remote users connecting to a switch and does not authenticate or validate switch-to-switch links. |
| Authorization | Ensuring that only appropriate entities have access to specified resources | In spite of some ability to differentiate between administrator and user levels, changes made to one switch can still affect the configuration of the whole fabric. |
| Accounting | Providing appropriate records of specified activities (such as in the form of logs) | The fabric OS has limited ability via SNMP or Fabric Watch to manage switch parameters. Because the OS does not specifically address security, switch parameter information is limited. |

To address these security risks, Brocade’s Secure Fabric Operating System (SFOS) provides a comprehensive security solution for Brocade-based SAN fabrics. With its flexible design, SFOS enables organizations to customize SAN security to meet specific policy requirements. In addition, SFOS works with a security practice that is already deployed in many SAN environments: Advanced Zoning. Secure Fabric OS functionality falls into five basic categories:

1. Fabric Configuration Server (FCS) provides a centralized way to manage fabric-wide configurations and policies.
2. Management Access Control (MAC) adds additional layers of granularity when enforcing what devices can access SAN switches by way of which applications.
3. Secure Management Channel provides a more secure method for running management applications that use encrypted passwords and certificates for authentication.
4. Switch Connection Control (SCC) improves switch-to-switch authentication by allowing the use of digital certificates as well as locking down which ports can become E_ports (also called ISL trunks).
5. Device Connection Control (DCC) allows only specific devices into the fabric (per their WWNs) from a specific port or group of ports.

Fabric Configuration Server (FCS)

The implementation of secure mode on a fabric requires grouping the switches logically into three areas:
a). Primary FCS Switch: This label applies to a single, uniquely powerful switch that is the sole owner of read/write privilege for fabric-wide operations. Design criteria for selecting this switch include:
— The switch that is in the most secure, best controlled physical location (typically not at a remote office)
— The most robust switch in the fabric
— A core switch that is physically near the largest number of switches in the fabric
b). Backup FCS Switches: One or more switches that can become the Primary FCS Switch if it becomes unavailable. All FCS switches conform to a conventional order, in which the first switch is the Primary FCS Switch, the second switch is the first Backup FCS Switch to take over in the event of a failure, and so on. These switches do not have the ability to make changes to fabric-wide configurations unless they become the Primary FCS Switch.
c). Non-FCS Switches: This third class of switches encompasses all the remaining switches in the fabric. Any device not designated as an FCS switch type simply functions as a member switch that will never have the ability to modify fabric-wide configuration parameters.
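The three switch classes and the conventional failover order are easiest to see in a small model. The following is an added example, not Brocade's code: it keeps the FCS switches in an ordered list, resolves the Primary FCS switch as the first one still available, and refuses fabric-wide changes from any other switch while recording the attempt. Switch names are constructed sample values.

```python
"""Added example (not Brocade's code): a small model of the three FCS switch
classes and the conventional failover order described above. Switch names are
constructed sample values."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class FcsFabric:
    # fcs_order[0] is the Primary FCS switch, fcs_order[1] the first Backup FCS
    # switch, and so on; every other fabric member is a non-FCS switch.
    fcs_order: list[str]
    members: set[str]
    unavailable: set[str] = field(default_factory=set)
    audit_log: list[str] = field(default_factory=list)

    def primary(self) -> str | None:
        """The first switch in the FCS order that is still reachable holds the
        Primary role; if none is reachable, no fabric-wide change is possible."""
        for name in self.fcs_order:
            if name not in self.unavailable:
                return name
        return None

    def role(self, switch: str) -> str:
        if switch not in self.members:
            raise KeyError(f"{switch} is not a member of this fabric")
        if switch == self.primary():
            return "primary-fcs"
        if switch in self.fcs_order:
            return "backup-fcs"
        return "non-fcs"

    def apply_fabric_change(self, from_switch: str, change: str) -> bool:
        """Only the current Primary FCS switch holds read/write privilege for
        fabric-wide operations; attempts from any other switch are refused and
        recorded so they can be reviewed later."""
        role = self.role(from_switch)
        if role != "primary-fcs":
            self.audit_log.append(f"REJECT {change!r} from {from_switch} ({role})")
            return False
        self.audit_log.append(f"APPLY {change!r} from {from_switch}")
        return True


def demo() -> list[str]:
    """Walk through a failover: the first Backup FCS switch gains write privilege
    only after the Primary becomes unavailable. Returns the audit trail."""
    fab = FcsFabric(fcs_order=["core-1", "core-2"],
                    members={"core-1", "core-2", "edge-1"})
    fab.apply_fabric_change("edge-1", "zone add")   # non-FCS switch: rejected
    fab.apply_fabric_change("core-2", "zone add")   # backup FCS switch: rejected
    fab.apply_fabric_change("core-1", "zone add")   # primary FCS switch: applied
    fab.unavailable.add("core-1")                   # primary goes down
    fab.apply_fabric_change("core-2", "zone add")   # backup is now primary: applied
    return fab.audit_log


if __name__ == "__main__":
    print("\n".join(demo()))
```

The rejected attempts are kept in the audit trail on purpose: a write request arriving from a non-FCS switch is exactly the kind of event an operator would want to see when reviewing fabric activity.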

Management Access Control (MAC)

The Management Access Control (MAC) of the SFOS enables the fabric administrator to choose selectively how to manage the SAN. The MAC targets three broad categories, each with many sub-categories:
· Remote Access Limitations: Compares the source IP address of the remote connecting device to the respective policy.
· Port-Based Access: Uses the device WWN of the requesting system to compare against the respective policy.
· Physical Access Connections: Uses the switch WWN of the requesting switch to compare against the respective policy.

Switch Connection Control (SCC)

One way to prevent unauthorized switches from joining the fabric is to use the SCC_POLICY. Much like the MAC policies, the SCC is simply a group of switch WWNs that have permission to join the fabric. The SCC_POLICY contains one WWN for each valid switch in the fabric.
The SCC_POLICY provides an additional “sanity check” to the SAN creation or modification process. Administrators can take two approaches when configuring the fabric to use the SCC security layer.
a). The administrator can add the asterisk (*) character to the secPolicyCreate command to create and configure the SCC_POLICY. This form of the command adds the WWNs of all switches currently in the security-enabled fabric. In this case, the administrator must verify the WWN names and the number of devices to ensure that there are no incorrect or unexpected devices in the fabric.
b). The administrator can create the policy manually by adding the WWNs of the switches that are to participate in the fabric. Note that upon creation, the SCC automatically adds all FCS switches to the group, giving the administrator a useful starting point.

Note: Use the SCC_POLICY to prevent unauthorized switches from joining the fabric, not as a tool to isolate authorized switches that are already in the secure fabric. If a new switch is added to the fabric and the administrator does not modify the SCC_POLICY to include it, SFOS will reject the switch when it attempts to join the fabric.

Device Connection Controls (DCC)

Similar to a port lockdown methodology in an IP switch environment, DCCs allow the SAN administrator to select which device WWNs can connect to which switch ports. By creating various unique policies using the DCC_POLICY_xxx name format, administrators can lock down a fabric to varying degrees of granularity. To achieve extreme control (at the cost of high management overhead), the administrator can configure a fabric so that each switch port can connect to only a single WWN. DCCs are more flexible than that: a group of switch ports can support numerous WWNs on any given port. This configuration range allows the SAN administrator to strike the balance between security and flexibility by layering the amount of restriction on the fabric.
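Both the SCC_POLICY section and the DCC section above describe WWN-based allow lists, so the following added example (not Brocade's code) models them together: SCC_POLICY creation with the asterisk snapshot versus a manual list, the verification step the asterisk form requires, automatic inclusion of the FCS switches, join rejection for a switch missing from the policy, and DCC_POLICY_xxx evaluation of a device WWN against a port. The DCC semantics for devices and ports that appear in no policy are an assumption of this model, as are all WWNs, port numbers and policy names, which are constructed sample values.

```python
"""Added example (not Brocade's code): a minimal model of how the SCC_POLICY
and DCC_POLICY_xxx policies described above are built and evaluated. WWNs,
port numbers and policy names are constructed sample values."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Eight colon-separated bytes, the usual written form of a Fibre Channel WWN
WWN_RE = re.compile(r"^(?:[0-9a-f]{2}:){7}[0-9a-f]{2}$")


def normalize_wwn(wwn: str) -> str:
    """Canonical lower-case form; a malformed name is refused instead of being
    silently added to a policy, where a typo would become a permanent hole or
    lock a legitimate switch or device out."""
    w = wwn.strip().lower()
    if not WWN_RE.match(w):
        raise ValueError(f"malformed WWN: {wwn!r}")
    return w


@dataclass
class Fabric:
    switches: set[str]      # switch WWNs currently joined to the fabric
    fcs_switches: set[str]  # the subset designated as FCS switches


@dataclass
class SccPolicy:
    """Switch WWNs permitted to join the fabric (one entry per valid switch)."""
    members: set[str] = field(default_factory=set)

    @classmethod
    def create(cls, fabric: Fabric, entries: str | list[str]) -> SccPolicy:
        # The two creation approaches from the text: '*' snapshots every switch
        # currently in the fabric, a list adds only the named switches. In both
        # cases the FCS switches are added automatically.
        if entries == "*":
            members = {normalize_wwn(w) for w in fabric.switches}
        else:
            members = {normalize_wwn(w) for w in entries}
        members |= {normalize_wwn(w) for w in fabric.fcs_switches}
        return cls(members)

    def unexpected_members(self, approved: list[str]) -> set[str]:
        """The verification step the '*' form requires: policy members that are
        not on the administrator's approved list of switches."""
        return self.members - {normalize_wwn(w) for w in approved}

    def allows_join(self, switch_wwn: str) -> bool:
        return normalize_wwn(switch_wwn) in self.members


@dataclass
class DccPolicy:
    """One DCC_POLICY_xxx: device WWNs and the switch ports they may use."""
    name: str
    devices: set[str]
    ports: set[tuple[str, int]]  # (switch WWN, port number)

    def __post_init__(self) -> None:
        self.devices = {normalize_wwn(d) for d in self.devices}
        self.ports = {(normalize_wwn(s), p) for s, p in self.ports}


def dcc_permits(policies: list[DccPolicy], device_wwn: str,
                switch_wwn: str, port: int) -> bool:
    """Assumed model (not a statement about SFOS internals): a device named in
    any DCC policy may log in only on a port listed in a policy that also
    names it, and a port listed in any DCC policy accepts only devices named
    alongside it. Devices and ports absent from every policy are unrestricted."""
    dev = normalize_wwn(device_wwn)
    key = (normalize_wwn(switch_wwn), port)
    dev_restricted = any(dev in p.devices for p in policies)
    port_restricted = any(key in p.ports for p in policies)
    if not dev_restricted and not port_restricted:
        return True
    return any(dev in p.devices and key in p.ports for p in policies)


# Constructed sample fabric: two FCS switches, one non-FCS switch, one outsider.
S1, S2, S3 = ("10:00:00:05:1e:00:00:01", "10:00:00:05:1e:00:00:02",
              "10:00:00:05:1e:00:00:03")
ROGUE = "10:00:00:05:1e:00:00:99"
FABRIC = Fabric(switches={S1, S2, S3}, fcs_switches={S1, S2})
# Constructed sample hosts: H1 is pinned to two ports on S1, H2 is unlisted.
H1, H2 = "20:00:00:e0:8b:00:00:01", "20:00:00:e0:8b:00:00:02"
DCC = [DccPolicy("DCC_POLICY_hostA", {H1}, {(S1, 1), (S1, 2)})]
```

Running `SccPolicy.create(FABRIC, "*").unexpected_members([S1, S2])` returns the non-FCS switch S3, which is the review the text asks for after an asterisk creation: the snapshot trusts whatever is in the fabric at that moment, so anything not on the approved list needs a human decision before the policy is activated.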

