SAN resources must be masked and zoned appropriately.

From VMware ESXi Server 5.0 Security Technical Implementation Guide

Part of SRG-OS-99999-ESXI5

Associated with: CCI-000366

SV-51120r1_rule SAN resources must be masked and zoned appropriately.

Vulnerability discussion

SAN activity must be segregated via zoning and LUN masking. The potential for any SAN client to mount and access any SAN drive will result in disk resource contention and data corruption. Zoning and LUN masking must be used to isolate and protect SAN storage devices. Use of zoning must also take into account any host groups on the SAN device(s).

Check content

Zoning and masking capabilities for each SAN switch and disk array are vendor specific. Ask the SA if a SAN device is used to support hosts. If a SAN device is deployed and zoning/masking is not used, this is a finding. If SAN devices are not used, this is not a finding.

Fix text

If SAN devices are used, a vendor-specific procedure must be developed and documented to mask/zone host LUNs.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer