Storage networking has unique needs because they are used for bandwidth-intensive communications between computing systems and the storage arrays that support them. Learn about storage network technologies, including iSCSI, Fibre Channel, Fibre Channel over Ethernet, and virtual SANs.
- [Narrator] Let's turn our attention to a class of special purpose networks: Storage Networks. Storage networking has unique needs because storage networks are used for bandwidth-intensive communications between computing systems and the storage arrays that support them. There are two main types of networked storage: Network Attached Storage, or NAS, are storage devices that connect to a network and provide storage services to other devices on that network. NAS devices are typically fairly simple and self contained.
Devices accessing NAS storage use standard storage protocols such as the CIFS protocol, used to access file shares on Windows systems, or NFS which is used for similar purposes on Linux systems. Larger storage needs require the use of Storage Area Networks, or SANs. These are massive arrays of devices that serve networks with very large storage requirements. SANs differ from NAS storage in several ways.
First, they appear to the systems using the storage as raw disks that the operating system may format and use as it wishes. NAS devices, on the other hand, look like file servers. Second, SANs are connected to the devices using that storage using dedicated storage networks. Early SANs used dedicated fibre optic communications using a technology known as fibre channel. Fibre channel offers very high-speed connections but it is very expensive to implement.
Engineers developed an alternative to fibre channel that uses the same technology over standard networks. This technology, called fibre channel over ethernet, is noticeably slower but it can use an organization's existing network infrastructure. The third networking technology used by SANs is the internet SCSI, or iSCSI protocol. Computer systems have used the Small Computer Systems Interface, or SCSI standard, to communicate with hard disks actually installed in the computer for many years.
iSCSI takes this same standard protocol and allows systems to use it over a network connection. Security professionals should pay careful attention to any storage networks in their organizations. Storage networks often carry large quantities of sensitive information back and forth between servers and storage systems. These communications are often unencrypted for performance reasons and may expose sensitive data. Therefore, security professionals should take added measures to protect storage networks.
Storage traffic should either be carried on a dedicated network or use a separate VLAN that has careful trunk management to ensure that it is only available in places where it is absolutely necessary. Storage networks carry some of an organizations' most sensitive traffic and must be carefully protected. Virtual storage area networks, or VSANs, facilitate this by creating private virtual networks for devices with similar storage requirements.
You can think of them as the storage equivalent of the virtual LANs, or VLANs, that are used for regular network segmentation.
Learn about communication and networking best practices, including TCP/IP networking, network security devices, and secure network design and management. Instructor and cybersecurity expert Mike Chapple also includes coverage of converged protocols, network encryption, and wireless networking. You can find Mike's companion study books for this series at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- IP addressing
- Switches and routers
- Content distribution networks
- Designing secure networks
- Specialized networking
- Managing secure networks
- Working with virtualized networks like SDNs
- Detecting and preventing network attaches
- Transport encryption
- Wireless networking
- Host security