RE: SAN storage & firewalls

["Stefan Norberg" <stefan () orbisec com>]

Phil,

Many vendors provide software that can reconfigure FC switches and
repartition FC disk arrays over the SAN. Some SAN equipment do talk IP too.
And it isn't automatically safe because it's not IP. If that was the case
then everyone would run IPX or SNA to the backend systems and declare it
safe.

Stefan Norberg

-----Original Message-----
From: firewall-wizards-admin () nfr com
[mailto:firewall-wizards-admin () nfr com]On Behalf Of Phil Burg
Sent: den 18 september 2001 02:42
To: firewall-wizards () nfr net
Subject: [fw-wiz] SAN storage & firewalls


Folks

an e-commerce proposal has reared its head in here, where a
SQLServer 2000 box will be deployed to back-end an Internet-
facing e-commerce environment.  The SQL box will be firewalled
off from my production network, in accordance with our published
security standards - no problem there.

The issue is that the developer wants to use our company's
storage area network instead of local disk for the SQL box.
The storage guys here don't believe there's any way a compromise
can occur, since there's no IP connectivity.  While I can't think
how you would attack the internal network this way, it still gets
my hackles up on principle.

Does anyone have any practical information, either pro or con,
about this idea ?

thanks
Phil

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards