.Part 5 Storage Security Best Practices and Support Information HP SAN Design Reference Guide 785355-001

Table 191 Security attack classes (continued)
Attack class    Description
(continued)     Use data for fraudulent purposes
                Deny authorized users access
Nonmalicious    Nonmalicious attacks can result from:
                Carelessness
                Lack of knowledge
                Circumventing security for nonmalicious purposes to perform tasks
Distribution    Attacks due to modifications to hardware or software made at the factory or during distribution.
                Distribution attacks can insert malicious code in a product, which can allow future unauthorized
                access to the system.
Storage security compliance
Compliance ensures that a storage system meets specific criteria established by law or regulation.
Retention of electronic records is mandated by statutory and regulatory law.
Data security regulations are enacted by national governments worldwide and by U.S. federal and state
governments. A storage system must comply with the regulations of every jurisdiction in which it operates.
Table 192 (page 370) lists some of the U.S. and international security regulations.
Table 192 U.S. and international security regulations
International regulations
    European Union Data Protection Directive of 1995
    Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
    Australia: Privacy Act 1988
    Japan: Personal Information Protection Act
    UK: Data Protection Act 1998
    New Zealand: Privacy Act 1993
U.S. federal and state regulations
    Sarbanes-Oxley (SOX) Act of 2002
    Gramm-Leach-Bliley Act (GLBA) of 1999
    Securities and Exchange Commission (SEC) rules 17a-3 and 17a-4
    Department of Energy (DOE) 10 CFR 600.153, Retention and access requirements for records
    California Data Security Act (SB 1386/AB 1950)
    New York Regulation 173, Standards for safeguarding customer information
Security technologies
This section describes security technologies for IP SAN, Fibre Channel SAN, and encryption.
IP SAN security technologies
IP SAN technologies include NAS, iSCSI, and FCIP. IP SAN security is achieved through the
following:
CHAP
IPsec
CHAP
CHAP (Challenge-Handshake Authentication Protocol, RFC 1994) uses a three-way handshake to verify
the identity of remote clients without ever sending the shared secret over the network. It is more
secure than PAP (Password Authentication Protocol), which transmits the password in cleartext. A
summary of the CHAP process follows:
1. When the link is first established, the authenticator (for iSCSI, normally the target) sends a
challenge message to the peer containing an identifier and a random challenge value.
2. The peer responds with a value computed by a one-way hash function (MD5 in RFC 1994) over the
identifier, the shared secret, and the challenge.
3. The authenticator computes the same value from its own copy of the secret and compares the two.
4. If the values match, the connection is allowed to continue; if they do not match, the connection
is terminated.
Because every challenge is different, a captured response cannot be replayed in a later login. iSCSI
also supports mutual (bidirectional) CHAP, in which the initiator challenges the target in turn. CHAP
authenticates the peer only; it does not encrypt or integrity-protect the data that follows, which is
the role of IPsec.
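The four-step exchange above, as an added example that is not part of the HP guide: both sides of a one-way CHAP login are simulated in one process, the response is computed as RFC 1994 specifies (MD5 over identifier, secret and challenge), and the target consumes each challenge after one use so that a captured response cannot be replayed. The iSCSI key names CHAP_A, CHAP_I, CHAP_C, CHAP_N and CHAP_R are those of RFC 3720; the class and function names, the initiator name and the secret are this example's own constructed values.

```python
"""One-way CHAP as used for iSCSI login (RFC 1994 with CHAP_A=5, MD5).

Added example, not HP's code: both sides of the handshake are simulated in
one process with constructed names and secrets. The iSCSI text keys CHAP_A,
CHAP_I, CHAP_C, CHAP_N and CHAP_R come from RFC 3720; the class and function
names are this example's own.
"""
import hashlib
import secrets

CHAP_MD5 = 5            # CHAP_A value that selects MD5 in iSCSI
MIN_SECRET_LEN = 12     # 12-byte (96-bit) minimum RFC 3720 sets for CHAP secrets


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response: MD5(identifier octet || secret || challenge)."""
    if not 0 <= identifier <= 0xFF:
        raise ValueError("CHAP identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapTarget:
    """The authenticator (an iSCSI target): knows each initiator's secret."""

    def __init__(self, secrets_by_name: dict):
        for name, secret in secrets_by_name.items():
            if len(secret) < MIN_SECRET_LEN:
                raise ValueError(f"secret for {name} is shorter than {MIN_SECRET_LEN} bytes")
        self._secrets = dict(secrets_by_name)
        self._ident = 0
        self._pending = {}  # session -> (identifier, challenge) awaiting a reply

    def challenge(self, session: str) -> dict:
        # Step 1: a fresh identifier and an unpredictable challenge per login.
        self._ident = (self._ident + 1) & 0xFF
        chal = secrets.token_bytes(16)
        self._pending[session] = (self._ident, chal)
        return {"CHAP_A": CHAP_MD5, "CHAP_I": self._ident, "CHAP_C": chal}

    def verify(self, session: str, name: str, response: bytes) -> bool:
        # Steps 3 and 4: recompute the expected value from our own copy of the
        # secret and compare in constant time. The challenge is consumed whether
        # or not the check passes, so a captured response cannot be replayed.
        pending = self._pending.pop(session, None)
        if pending is None:
            return False
        ident, chal = pending
        secret = self._secrets.get(name)
        if secret is None:
            return False  # unknown initiator name
        expected = chap_response(ident, secret, chal)
        return secrets.compare_digest(expected, response)


def initiator_answer(name: str, secret: bytes, msg: dict) -> dict:
    """Step 2: the peer hashes what it received together with its secret.
    Only the 16-byte digest goes on the wire, never the secret itself."""
    if msg["CHAP_A"] != CHAP_MD5:
        raise ValueError("unsupported CHAP algorithm")
    return {"CHAP_N": name,
            "CHAP_R": chap_response(msg["CHAP_I"], secret, msg["CHAP_C"])}


def run_login(target: ChapTarget, session: str, name: str, secret: bytes) -> bool:
    """Drive one complete exchange and report whether the login may continue."""
    msg = target.challenge(session)
    reply = initiator_answer(name, secret, msg)
    return target.verify(session, reply["CHAP_N"], reply["CHAP_R"])


# Constructed sample data: an initiator IQN and a random 16-byte secret.
INITIATOR = "iqn.2000-01.com.example:host1"
SECRET = bytes.fromhex("5f1e9c0a3b7d2e4c8a6f1d0b9e3c7a5d")

if __name__ == "__main__":
    target = ChapTarget({INITIATOR: SECRET})
    print("correct secret:", run_login(target, "s1", INITIATOR, SECRET))
    print("wrong secret:  ", run_login(target, "s2", INITIATOR, b"wrong-secret-bytes"))
```

Running the block performs one login with the right secret (the connection continues) and one with a wrong secret (the connection is terminated). The same secret must be configured on both ends, which is why CHAP secrets are usually generated randomly and distributed out of band rather than chosen as passwords.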
370 Storage security