SANs provide any-to-any connectivity to storage and thus your data— ‘But based on trust’
ISSUES
• Host can masquerade as another client to gain access to unauthorized data
• Attacker could forge source address in a FC message to make that message appear to come from another server on the SAN
1st Generation Fabric Switches
• WWN spoofing • S_ID spoofing
• No secure authentication for hosts and targets
• No protections from replay attacks
At the hardware level, Fibre Channel is a bus based on trust. As such, it essentially provides no security against spoofing attacks where a compromised client masquerades as another client to get access to unauthorized data.