【作者】 杨建兵；

【导师】 李小勇； 刘海涛；

【作者基本信息】 上海交通大学 ， 计算机应用， 2007， 硕士

【摘要】 网络存储时代被称为第三次IT浪潮。网络存储在近10年的时间内发展迅速,日益应用到各个行业;随着网络存储的日益普及,网络存储中的安全问题也日益受到人们的关注。网络存储安全既包括存储网络组件的安全也包括其上数据的安全。本文在分析网络存储安全隐患的基础上,针对目前流行的网络存储技术,网络附加存储、存储区域网络和IP存储,提供了相应的安全防护措施;对海量存储的保护可从几个方面考虑,不论物理方式还是电子方式,对每一个级别的存储,我认为需要采取"深度防御”的安全战略。这种方法并不依赖单一的程序或技术来保护存储,而是将多种保护措施垂直立体密布在涵盖主机设备、网络设备、存储设备的整个水平结构存储网络中,如:(1)SAN的存储访问保护功能:逻辑单元数(LUN)、掩码(masking)和分区是通常使用的技术,用来确保只有得到授权的服务器,才能访问指定的存储阵列;(2)利用系统根盘镜像、双机集群、RAID级别、冗余路径和远程灾备的多种数据保护手段,与灵活的备份方案相配合,利用一种“零停机时间备份”,对不能停机的关键业务数据备份效果很好。(3)最后,我建议采用适当的存储网络评估表格,对指定存储环境的技术和设备进行评估,以确定薄弱环节加以增强。由于这个课题属于IT业新兴技术热点之一,难度较大,各种类型存储技术本身具有较高的技术研究与实现难度,又涉及存储、网络、主机安全多方面大量技术内容,故本文旨在对存储安全技术进行某些角度的有效务实、力所能及的分析研究。通过对现有各种网络存储架构及安全问题大量资料的研究,参考该技术领域未来的发展趋势与方向,分析总结各种危及数据安全活动的对策,发现能够有效增强现有存储体系数据保护性能的安全规划方法及评估策略。更多还原

【Abstract】 Network storage time is called the third IT tide. The network storage technology has developed rapidly in the nearly 10 years, and has been applied to each profession. With the popular of the network storage, the security of network storage has been attended day by day. The security of the network storage includes the security of storage network and the data on the storage network.In this paper, after analyzing the risks and threats of the network storage, we provide the protect measures for the common network storage technology such as Network Attached Storage, Storage Area Network and the IP Storage. For the great capacity storage’s protection, either physical side or electrical side, I think it needs“Deep Defence”secure stratagem for the every level storage. This way doesn’t depend on simplex program or safeguard densely covering the whole storage network including host and network device and storage device, such as :(1) SAN storage protect function: Logical Unit Number, Masking and Zone are the common secure technology in order to authenticate the hosts that have authorization to access special storage disk array.(2) Data safeguard method: I design it with system root disk mirror, HA cluster, RAID level, redundancy path and remote mischance backup. It should cooperate with agile backup policy. I discover a backup way without business down time. It’s effective for the never stop business.(3) At last, I suggest often evaluate SAN security with certain evaluation way such as two my creating SAN security evaluation matrix table. Then we can promote the related point security level according to the evaluation result.(4) The thesis subject, storage security, in one of the intedning IT hospots. It is very challenge to research and delivery, because it relates to storage and network and server security technology. Refer to myself limited experience and energy, the paper just focus on the actual field in my power. Through study plenty of storage security reference and developmental trend, I analyse all kinds of data security problem’s countermeasure and evaluation methods.更多还原