Specifications
© IBM Copyright, 2012 Version: January 26, 2012
www.ibm.com/support/techdocs
Summary of Best Practices for Storage Area Networks
connected to the management LAN, and allows only traffic from the management
stations and certain protocols that you define.
At a high level, some of the security best practices include the following:
• Default configurations and passwords should be changed.
• Configuration changes should be checked and double checked to ensure
that only the data that is supposed to be accessed can be accessed.
• Management of devices usually takes a “telnet” form—with encrypted
management protocols being used.
• Remote access often relies on unsecured networks. Make sure that the
network is secure and that some form of protection is in place to guarantee
that only those with the correct authority are allowed to connect.
• Make sure that the operating systems that are connected are as secure as
they ought to be, and if the operating systems are connected to an internal
and external LAN, that this cannot be exploited. Access may be gained by
exploiting loose configurations.
• Assign the correct roles to administrators.
• Ensure the devices are in physically secure locations.
Make sure the passwords are changed if the administrator leaves. Also ensure they
are changed on a regular basis. Finally, the SAN security strategy in its entirety
must be periodically addressed as the SAN infrastructure develops, and as new
technologies emerge and are introduced into the environment.
10.2 Consistent clock settings
All devices within a SAN environment that support Network Time Protocol (NTP)
should have this feature enabled and refer to the same time server. The end result
is that time-stamped data and logs from different devices will be consistent (within
a second or so at most), which will significantly help administrators and support
personnel cross-reference data from multiple devices. Having consistent clock
settings will ultimately save time during outages as well as assist during routine
maintenance activities.
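The following added example (not part of the original document) shows why the "second or so" consistency matters when cross-referencing logs: it merges events from two devices into one timeline and groups those that fall within a one-second tolerance. The device names, log format, messages and the 42-second drift are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample logs (device names and messages are illustrative only).
SWITCH_LOG = """\
2012-01-26T10:15:02.300 fcsw01 port 4 link down
2012-01-26T10:15:09.100 fcsw01 port 4 link up
"""
ARRAY_LOG = """\
2012-01-26T10:15:02.900 array01 host path lost on controller A
2012-01-26T10:15:09.600 array01 host path restored on controller A
"""

def parse(log_text, skew_s=0.0):
    """Return (timestamp, device, message) tuples; skew_s simulates a drifting clock."""
    events = []
    for line in log_text.splitlines():
        stamp, device, message = line.split(" ", 2)
        when = datetime.fromisoformat(stamp) + timedelta(seconds=skew_s)
        events.append((when, device, message))
    return events

def correlate(events, tolerance_s=1.0):
    """Merge events from all devices into one timeline and group each event
    with the previous one when their timestamps differ by at most tolerance_s."""
    groups = []
    for event in sorted(events):
        if groups and (event[0] - groups[-1][-1][0]).total_seconds() <= tolerance_s:
            groups[-1].append(event)
        else:
            groups.append([event])
    return groups

def cross_device_groups(groups):
    """Keep only groups that contain events from more than one device."""
    return [g for g in groups if len({device for _, device, _ in g}) > 1]

if __name__ == "__main__":
    synced = correlate(parse(SWITCH_LOG) + parse(ARRAY_LOG))
    drifted = correlate(parse(SWITCH_LOG) + parse(ARRAY_LOG, skew_s=42.0))
    print("synced clocks:", len(cross_device_groups(synced)), "correlated incidents")
    print("array +42 s  :", len(cross_device_groups(drifted)), "correlated incidents")
```

With synchronized clocks the link-down and path-lost events pair up automatically; with the array's clock drifted, the same four events appear as unrelated entries that must be matched by hand.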
10.3 Interoperability