Securing Storage: A Practical Guide to SAN and NAS Security
Author: Himanshu Dwivedi
Publisher: Addison-Wesley Professional
Category: Book
Languages: English (Original Language), English (Unknown), English (Published)
Media: Hardcover
Number Of Items: 1
Pages: 560
Shipping Weight (lbs): 2.3
Dimensions (in): 9.4 x 6.9 x 1.3
ISBN: 0321349954
Dewey Decimal Number: 005.8
EAN: 9780321349958
ASIN: 0321349954
Publication Date: November 21, 2005
Availability: Usually ships in 1-2 business days
Editorial Reviews:
Product Description: The security of data, as shown by several recent high-profile cases, is weak. It is but a question of time before courts begin requiring more thorough steps to be taken--users and courts want data security. This book not only helps IT meet those growing needs, but shows the vendors where they need to improve. Regulations have highlighted an overlying issue of data protection. Data, whether it is financial data, non-public private information, or medical data, needs to be protected from unauthorized external and internal entities at all times. Much valuable data (i.e. customer and patient data) spends most of its lifetime in a storage device--not on computers, servers, or networks. Local failures and outside intruders can change, destroy, or compromise stored data even if the main network is secure: storage requires its own security. This book is a must read for IT personnel responsible for data security and security consultants who perform compliance audits at companies that use storage devices.
Customer Reviews:
  Poorly Edited - almost unreadable - but good content February 1, 2007 1 out of 1 found this review helpful
So far the content is good, but the editing is so bad that it leaves the book almost unreadable. I understand there may be a language issue, but give me a break, I am paying $40.00 for a hard cover, professional book, written in English and published by a well known and respected publisher. I believe I should be able to reasonably expect that the grammar is correct and blatant typos are removed - this book looks more like a draft than a final copy. Some sentences are so bad they make no sense, which makes reading the book challenging since you have to skim over the nonsense to extract the useful information.
I gave it a 3 for the content, I would give it a 1 for readability and quality. I will be asking Addison Wesley for my money back on this one.
  Less storage security, and more network security September 13, 2006 1 out of 1 found this review helpful
This book is written in very human-friendly language; you can read this book very easily, like a magazine. The author divided this book into three parts, and those are NAS security, SAN security and iSCSI security. As the author said in the beginning of this book, this book is only an introduction to storage security, and the author does only that.
When it comes to negative points, the major problem with this book is that the author tells the story again and again. If he explained one point, he will repeat the same thing again and again later. So, out of the 400 pages the book has, at the end of the day, you are getting only 100 pages' worth of knowledge.
One more major issue with this book is that the author didn't give sufficient information about the actual storage security protocols like FCSP and others.
Don't expect too much from this book; this book is a very simple and introduction-level book to storage security.
  Good Addition to Any System Admin Reference Shelf May 10, 2006 1 out of 1 found this review helpful
Dwivedi does an excellent job of covering a little thought about area of networking that is growing rapidly.
The layout of the book is well thought out and takes the reader thru a step-by-step process of how networked storage is hacked. This is not a book that you would want to read once and expect to have all the answers. Dwivedi has written this book with both the reader and that concept in mind. It contains a vast amount of knowledge about network storage security. There is so much information that memorizing this book would be impossible. Dwivedi provides the reader with numerous assessment exercises, making it easier to understand the large amount of information and techniques presented. It is thoroughly indexed and arranged in a way that allows anyone to access an attack method and reference that process, including the downloads with which to attack any chosen vulnerability.
The introduction section of this book gives anyone with little or no network storage knowledge a very concise understanding of risk management, security basics and attack scenarios. It is finalized with a handy question and answer section that helps tie it all together.
Dwivedi covers processes, types of storage and the designs most commonly used in storage networks in great detail. He covers SAN, NAS and iSCSI Security and the ways in which to attack each successfully. Every conceivable attack on network storage and how they are done, including many links to scripts are included for the reader. They show the reader general storage network knowledge and how to audit their own systems for security weaknesses. It gives the reader a very broad overview of the subject with detailed specifics, which helps to understand the technical basis of attacks and how to deter those attacks.
Dwivedi wraps it all together with details on how to lock down each of the network storage types in detail. As with the rest of the book he lists precise step-by-step ways to audit a system and keep out the unauthorized. In the last part of the book Dwivedi also covers compliance, regulations and how they relate to storage. He shows how Sarbanes, HIPAA, G-LB, and CA SB1386 affect storage and storage security. He covers the main sections of each regulation and gives highlights about each, including common examples of what is affected. To help the reader further digest an otherwise difficult to comprehend subject, Dwivedi provides three case studies of how actual companies have secured their networked storage.
If you do any networked storage or security I highly recommend this great security book as an addition to your reference library.
  Well-written book, poor proofreading December 25, 2005 4 out of 7 found this review helpful
Storage Security provides a very good overview and a good insight in the world of storage security and its possible pitfalls.
The book starts off with a global introduction on security concepts, a description of what is going to be covered in the remainder of the book, as well as a Q&A of real-life questions, which might contain too many new concepts to fully appreciate. After that, each chapter describes a set of architecture-specific attacks (i.e. attacks which focus only on FC, CIFS, NFS, iSCSI), and tries to position the attacks in a Security Business Risk (SBR) matrix. The description of the attacks is done in a fairly modular setup, which enforces the idea of the book being a reference as well as a book that can be read cover to cover.
The remainder of the book focuses not on the attacks but on the ways SANs and DAS can be protected, actual command line parameters for NetApp and Cisco boxes (which might serve as a handy reference for the NetApp and Cisco people among us), as well as several case studies.
The writer takes his time to explain intricate details of lesser known attacks and solutions, and covers all sorts of techniques that many system administrators might not be up to date with, such as zone hopping and E-port replication.
No book is perfect, and neither is this one. Among the things that bothered me the most while reading the book are:
- The number of typos in this book is incredible, making me wonder whether this book was proofread in the first place. For example, the paragraph on page 101/102 contains four typos alone:
* "to a greater degree that the" instead of "to a greater degree than the".
* "While this may seen to be" instead of "While this may seem to be".
* "sensitive application such as" instead of "sensitive applications such as".
* "should requite a higher degree" instead of "should require a higher degree of".
These are all fairly innocuous; the same cannot be said of writing down things like "Diffie-Hielman CHAP" (page 32).
- Please make sure that images meant to clarify difficult concepts (such as man-in-the-middle attacks using spoofed PLOGI frames and name server pollution), as well as the accompanying explanation, do not contain typos that complicate things even further. See page 67.
- Many people learn by repetition. However, explaining to me how to change a node WWN 4 times with the same screenshots in a range of 50 pages might be a little too much repetition. The same goes for the explanation of the result (a possible denial-of-service attack), which is copied and pasted multiple times (see e.g. 79, 115, 119, 124).
- By the time I write this review, the web page mentioned on the back cover as well as on page 375 (http://www.isecpartners.com/securingstorage) is not online, which is a shame. It only takes 5 minutes to come up with a proper "This page is under construction, but for now take a look at the following interesting sites or articles" page.
- Stick to acronyms. If the acronym for port WWN is WWPN, don't change that into pWWN in the next chapter. It's not consistent, and might be confusing for people that are new to this (fascinating) area.
Overall, the book earns 4 stars. It fills a gap that needs to be filled, and does so with technical accuracy, good examples, clear writing style and screenshots that add to the understanding of the reader. The font and layout are well-chosen, so it shouldn't be a problem to read this book for hours on end if you would like so.
  an unsettling text to some sysadmins December 19, 2005 6 out of 6 found this review helpful
The theme of this book is that Storage Area Networks and Network Attached Storage have been hitherto neglected with respect to securing their contents against unauthorised use. Dwivedi remarks that most sysadmins focus on maintaining and securing a corporate firewall. Along with regularly patching users' machines plus web servers. A common attitude is that SAN and NAS devices are at the very heart of the corporate network, and often cannot be directly accessed from outside the firewall.
Dwivedi spends the bulk of his book debunking this idea. For one thing, he points out that a SAN or NAS box is a computer that has to run an operating system. Usually Linux, Unix or Microsoft. A vendor is very unlikely to write a custom operating system from scratch. Too expensive and takes too long to devise. So even if nothing else, you as a sysadmin should regularly patch those boxes if you can, when known bugs are found in their operating systems. These boxes should be no more exempt from patching than your other machines, even those behind the firewall.
Another cause of concern is the sheer mass of data on a SAN or NAS box. Nowadays, likely to be many gigabytes. These are high value targets for an attacker. Whereas a typical user's desktop would have much smaller data sets.
Plus, even with a firewall, there is always the possibility of an employee being an attacker. If she has a machine inside the firewall, then this already gives her a good start. Of course, you might reply that you "lock down" your users' machines, so that they cannot get root access, for example. But the attacker with a Microsoft machine could boot off a Knoppix CD, for example, and go into a Linux that sits only in memory, and for which she has root. Suppose now you have a NAS box exporting a file system via NFS to the attacker's machine, which is normally running Microsoft Windows. The author shows how the attacker can from her Knoppix OS mount the NAS file system and by changing her local passwd file, assume any user id and group id that gives her read access (and maybe write access) to any file in the foreign file system.
These are the sort of attacks that you have to guard against. The book offers several chapters at its end describing possible countermeasures. The tone of the book is not alarmist. Rather, Dwivedi matter-of-factly walks through many attacks; the above being just one case. He shows how, using open source code freely available on the net, an attacker could glean useful data from your machines.