Attack prevention methods:
1- LUN masking: When we separate a unit from the hard drive, it tells LUN that when LUN masking is run, we determine which LUN server to access.
Each server has a SAN network card called HBA. (Host Bus Adapter) This network card is connected to the Fiber Channel Switch. The HBA networks have a physical address, which tells WWN that for each WWN, we can determine which LUNs to access. This method is not very sure because, as MAC is forged, WWN can also be fake.
2- SAN Zoning: In this method, we will disassemble the disks, for example, disks 1 and 4 in a zone, and disks 2, 3 and 5 in a Zone. Then, we determine which servers to access which zones.
There are two soft and hard methods:
- SAN Zoning is done on the switch itself.
- LUN Masking on your SAN.
Cisco proposes to combine Vsan with zoning for more security. We also have an authentication that prevents unauthorized access even if it has forged a WWN