7. Use all available LAN security tools, e.g. VLANs, IPSec.
8. Restrict access to management configuration functions. Control access to all unused ports and ensure that ports must be enabled before use so that devices are not automatically added to a zone. Use hard zoning in preference to soft zoning.
9. Only install software and firmware from authorized sources and never install software when the device is on a production SAN. Before upgrade, swap out devices to an isolated SAN. Configure storage devices not to accept automatic firmware upgrades.
10. Always change default passwords before equipment is connected to a production SAN. Ensure strong passwords are required by policy and educate key personnel as to their importance.
11. Monitor the storage environment.
12. Stop external attacks, e.g. Denial of Service, viruses, Trojans, etc.
13. Be aware that port zoning has no cryptographic strength or attributes.
Source: SNIA SSIF Best Practices Document 2003:001