– Digital signatures – User authentication – Key distribution server – FC-3 layer can support encryption services – FC-SP – Specifies switch-to-switch authorisation & encryption
• However, few of these mechanisms are currently implemented by manufacturers:
– Lack of perceived threat
– Most current SAN installations have been within secure managed environments
The FC specifications do define some options for data security mechanisms. These options include:
• Fibre Channel Common Transport (FC-CT) defines methods to digitally sign and authenticate message originators for FC-CT services messages—however this does not apply to user data.
• The FC specifications define a key distribution server that can be used to generate secure keys. This could theoretically be used to build a variety of authentication or encryption services.
• The FC-3 layer is designed to be expandable, and can support authentication or encryption services.
However, these options have not been widely implemented because there is a lack of perceived threat.