Storage Security: Fibre Channel Security
Version 2.0
February 14, 2024
Eric A. Hibbard, CISSP, FIP, CISA

2024 SNIA & FCIA

Table of Contents

Executive Summary
1 Introduction
2 Storage Technology Overview
  2.1 Storage Area Networks (SAN)
  2.2 Fibre Channel (FC)
  2.3 FC address discovery and access control
3 FC and SAN Security Background
  3.1 Threats
  3.2 SAN Security
  3.3 Overview of Fibre Channel Security
    3.3.1 DH-CHAP authentication
    3.3.2 ESP_Header
    3.3.3 CT_Authentication
    3.3.4 Fibre Channel Security Association
    3.3.5 FC-SP Zoning
4 Summary of FC Security Guidance
  4.1 FC SAN Security
  4.2 FC Device Security
5 SNIA Observations and Guidance for FC
  5.1 FC Link Encryption
  5.2 Data at-rest encryption
6 Summary
7 Abbreviations
8 Acknowledgments
  10.1 About the Author
  10.2 Reviewers and Contributors
Bibliography

List of Tables

Table 1. Fibre Channel Layers

List of Figures

Figure 1. FC Port Types
Figure 2. FC Authentication
Figure 3. Relationship between FC-SP-2 Authentication Protocols and Security Associations

Executive Summary

Fibre Channel (FC) is the premier transport for storage within and across datacenters, known for its reliability, resilience, and high-speed connectivity. Yet the capabilities available to provide security protections within a Fibre Channel network are neither well known nor well understood. In reality, in a Fibre Channel network both servers and storage systems provide many security capabilities themselves, while there are also other Fibre Channel-specific capabilities of the infrastructure that are available to provide additional security within the