1. Make sure you have identified all interfaces in the SAN.
2. Create a separate network for out-of-band management. If connectivity is required to the corporate LAN, use a firewall or secure router and provide a dedicated remote access facility and appropriate network security tools like VPNs.
3. Maintain a formal set of company best practices for storage security.
4. Protect both data in flight and at rest.
5. Use dedicated user IDs for maintenance access and enforce the use of strong passwords either by policy or by configuration. Use separate credentials for infrastructure configuration.
6. Define zones containing the smallest number of components and use different zonesets for different system loads like out-of-hours backup.
Source: SNIA SSIF Best Practices Document 2003:001
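
One way to check item 6 against an exported zoning configuration, as an added example that is not part of the SNIA document. The zone names, WWPNs, the two-member limit and the tagging of backup-only ports are constructed assumptions, not values from any real fabric or vendor format.

```python
# Constructed sample data: zone name -> member WWPNs (all values are made up).
ZONES = {
    "z_db01_array1": {"10:00:00:00:c9:aa:00:01", "50:06:01:60:aa:00:00:01"},
    "z_app_shared": {"10:00:00:00:c9:aa:00:02", "10:00:00:00:c9:aa:00:03",
                     "10:00:00:00:c9:aa:00:04", "50:06:01:60:aa:00:00:02"},
    "z_bkp_tape1": {"10:00:00:00:c9:aa:00:09", "50:01:04:f0:aa:00:00:01"},
}
# Zoneset name -> zones it activates. "z_old_host" is deliberately undefined.
ZONESETS = {
    "zs_production": ["z_db01_array1", "z_app_shared", "z_bkp_tape1", "z_old_host"],
    "zs_backup_window": ["z_db01_array1", "z_bkp_tape1"],
}
# Assumption: ports that should only be reachable during out-of-hours backup.
BACKUP_ONLY_WWPNS = {"50:01:04:f0:aa:00:00:01"}
# Assumption: zonesets that are meant to carry the backup load.
BACKUP_ZONESETS = {"zs_backup_window"}


def audit_zoning(zones, zonesets, backup_only, backup_zonesets, max_members=2):
    """Return (kind, where, detail) findings for the item 6 checks."""
    findings = []
    # Smallest number of components: flag zones above the chosen member limit.
    for name in sorted(zones):
        if len(zones[name]) > max_members:
            findings.append(("oversized_zone", name, len(zones[name])))
    for zs in sorted(zonesets):
        for zname in zonesets[zs]:
            members = zones.get(zname)
            if members is None:
                # A zoneset that references a missing zone cannot be reviewed.
                findings.append(("undefined_zone", zs, zname))
            elif zs not in backup_zonesets and members & backup_only:
                # Separate zonesets per load: backup ports stay out of the others.
                findings.append(("backup_member_in_zoneset", zs, zname))
    return findings


if __name__ == "__main__":
    for finding in audit_zoning(ZONES, ZONESETS, BACKUP_ONLY_WWPNS, BACKUP_ZONESETS):
        print(*finding)
```

The member limit is a policy choice; raise `max_members` if your zoning standard allows more than one initiator and one target per zone.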