The present invention relates to security management in a storage area network using the Internet Protocol (to be referred to as IP-SAN hereinafter).
In a fiber channel network, security management is realized in practice by masking with logical unit numbers (to be referred to as LUN hereinafter). This is because a fiber channel network is far smaller in scale than an IP network and is predominantly run as a closed network, so that security threats from attack have not arisen on it. However, the Small Computer System Interface (to be referred to as SCSI hereinafter), the underlying technology of a fiber channel network, has extremely short transmission distances in its parallel form and high environment construction costs; hence, in terms of maintenance and extendability, SCSI is ill-suited to the ever-increasing scale of recent IT enterprises.
Thus, the need for IP-SANs using low-cost, highly extendable IP network technology continues to grow. Storage devices that were conventionally installed on a closed network are now accessed over an IP network, where their traffic merges with business traffic and the network grows in scale. In so doing, however, the threat of intentional attack and the possibility of accidents caused by inadvertent traffic inflow both increase.
Japanese Unexamined Patent Application Publication 2002-63063 discloses security technology for a SAN. In this technology, security functions that were conventionally divided are integrated and managed as one unit. To perform optimal security management automatically in the SAN, an integral management mechanism that controls the SAN as a whole is installed, and this mechanism is used to manage the access relations between hosts and storage devices integrally.
In conventional LUN masking technology, a security vulnerability exists in the phases preceding LU access. More specifically, even when unauthorized LU access is prevented, the establishment of a TCP (Transmission Control Protocol) connection may still be permitted, which can lead to damage such as a Denial of Service attack or a Distributed Denial of Service attack. Further, inside an IP-SAN, an attacker may spoof connection source information to assume the identity of a valid user and thereby discover a list of other nodes (initiators or targets); by assuming the identity of the discovered nodes in turn, the attacker may discover nodes in an even wider range. In this way the attacker can easily and cumulatively gather information such as iSCSI names, portal information and discovery domains, which may be used as attack material.
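The discovery step described above, as an added example that is not part of the patent text: once a TCP connection to an iSCSI portal is accepted, an initiator can send a Text Request carrying SendTargets=All and the target answers with every TargetName and TargetAddress it knows, regardless of which LUs the initiator is later allowed to access. The code builds that request, parses a Text Response and harvests the name/portal list. The PDU layout follows RFC 7143; the target names, portals and sequence-number values are constructed sample data, not taken from any real array.

```python
"""Added example: iSCSI SendTargets discovery request and response harvesting.
Not from the patent; PDU layout per RFC 7143, sample data constructed here."""
import struct

OP_TEXT_REQUEST = 0x04
OP_TEXT_RESPONSE = 0x24
FLAG_FINAL = 0x80  # F bit in byte 1: last PDU of this text exchange


def build_text_pdu(opcode, kv_pairs, itt=1):
    """Serialise a Text Request/Response: 48-byte BHS + NUL-separated key=value
    data segment padded to a 4-byte boundary. The sequence-number fields at
    offsets 24..35 differ between request and response; fixed sample values
    (assumption) are used here because the example never talks to a target."""
    data = b"".join(f"{k}={v}".encode() + b"\x00" for k, v in kv_pairs)
    pad = (-len(data)) % 4
    bhs = bytearray(48)
    bhs[0] = opcode                        # opcode, I bit clear
    bhs[1] = FLAG_FINAL
    bhs[5:8] = len(data).to_bytes(3, "big")  # DataSegmentLength (24 bits)
    struct.pack_into(">I", bhs, 16, itt)     # Initiator Task Tag
    struct.pack_into(">I", bhs, 20, 0xFFFFFFFF)  # Target Transfer Tag: reserved
    struct.pack_into(">I", bhs, 24, 1)       # CmdSN (request) / StatSN (response)
    struct.pack_into(">I", bhs, 28, 1)       # ExpStatSN (request) / ExpCmdSN (response)
    return bytes(bhs) + data + b"\x00" * pad


def build_sendtargets_all(itt=1):
    """The discovery request an attacker sends after the TCP handshake."""
    return build_text_pdu(OP_TEXT_REQUEST, [("SendTargets", "All")], itt)


def parse_text_response(pdu):
    """Return the (key, value) pairs carried by a Text Response PDU."""
    if len(pdu) < 48 or (pdu[0] & 0x3F) != OP_TEXT_RESPONSE:
        raise ValueError("not a Text Response PDU")
    length = int.from_bytes(pdu[5:8], "big")
    data = pdu[48:48 + length]
    pairs = []
    for item in data.split(b"\x00"):
        if item:
            key, _, value = item.decode().partition("=")
            pairs.append((key, value))
    return pairs


def harvest_targets(pairs):
    """Group SendTargets output into {TargetName: [portal, ...]}.
    Each TargetAddress belongs to the TargetName that precedes it."""
    targets = {}
    current = None
    for key, value in pairs:
        if key == "TargetName":
            current = value
            targets.setdefault(current, [])
        elif key == "TargetAddress" and current is not None:
            targets[current].append(value)
    return targets


# Constructed sample response: what a target with two exported nodes on two
# portals would return to any initiator that reaches the discovery phase.
SAMPLE_RESPONSE = build_text_pdu(OP_TEXT_RESPONSE, [
    ("TargetName", "iqn.2001-04.com.example:storage.disk1"),
    ("TargetAddress", "10.0.0.21:3260,1"),
    ("TargetAddress", "10.0.1.21:3260,2"),
    ("TargetName", "iqn.2001-04.com.example:storage.disk2"),
    ("TargetAddress", "10.0.0.22:3260,1"),
])

if __name__ == "__main__":
    print(build_sendtargets_all().hex())
    for name, portals in harvest_targets(parse_text_response(SAMPLE_RESPONSE)).items():
        print(name, portals)
```

Every name and portal returned here is exactly the material the text calls "attack materials"; LUN masking is consulted only after a session to one of those targets is established, so it does nothing to narrow this list. A control that acts earlier, such as refusing the TCP connection or the discovery session from unknown initiator identities, is what removes the exposure.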