S 4.275 Secure operation of storage systems
Initiation responsibility: IT Security Officer, Head of IT
Implementation responsibility: Administrator
A storage system normally operates largely autonomously, without requiring intervention by the operating personnel. Nevertheless, some safeguards must be taken to ensure operations if the functions of the storage system are to be available without problems. Operations are monitored by a management system (see S 2.359 Monitoring and administration of storage systems).
Monitoring
- Applications, system programs
It must be ensured that utility programs such as schedulers which control the automatic data backup process and anti-virus software run without problems.
- Capacity control and system load
It must be ensured that the capacity limits of storage devices are not exceeded and that bottlenecks on storage systems or in the storage network are detected early enough so that countermeasures can be taken.
- Monitoring critical events
The integrity of settings critical to security and the observance of security policies must be monitored. Events violating essential security rules must be displayed prominently.
- Reducing the number of system messages
The number of system messages should be reduced in such a way that only those messages that are actually important are displayed.
Organisational safeguards
In order to permit changes and maintenance work requiring a disruption of operations to be performed on a storage system, maintenance windows must be defined.
No maintenance work affecting production may be performed on a running storage system outside of the maintenance window, nor should any changes be made outside of the maintenance window. All changes, whether planned or unplanned, must be co-ordinated with all responsible specialists involved using a change management procedure. The change plan should be archived for tracking purposes.
Firmware or operating system updates to storage systems and network components of a SAN in particular should only be performed inside a maintenance window.
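One way to check the maintenance-window and change-management rules above against a record of performed changes, as an added example that is not part of the original safeguard text. The window schedule, the record fields (`ts`, `component`, `action`, `ticket`) and the sample records are constructed assumptions, and timestamps are assumed to be local time.

```python
from datetime import datetime, time

# Assumed weekly maintenance windows: (weekday, start, end), Monday = 0.
# Constructed values; the safeguard does not prescribe any schedule.
MAINTENANCE_WINDOWS = [
    (5, time(22, 0), time(23, 59, 59)),  # Saturday 22:00-24:00
    (6, time(0, 0), time(4, 0)),         # Sunday 00:00-04:00
]

# Constructed change records, e.g. exported from a storage management system.
CHANGE_LOG = [
    {"ts": "2024-03-09T22:30:00", "component": "san-switch-01",
     "action": "firmware_update", "ticket": "CHG-1001"},
    {"ts": "2024-03-12T14:05:00", "component": "array-02",
     "action": "firmware_update", "ticket": "CHG-1002"},
    {"ts": "2024-03-10T01:15:00", "component": "array-02",
     "action": "zoning_change", "ticket": None},
    {"ts": "2024-03-13T09:00:00", "component": "array-01",
     "action": "lun_mapping_change", "ticket": None},
]


def in_maintenance_window(ts, windows=MAINTENANCE_WINDOWS):
    """True if the timestamp falls inside one of the defined windows."""
    return any(ts.weekday() == day and start <= ts.time() <= end
               for day, start, end in windows)


def audit_changes(records, windows=MAINTENANCE_WINDOWS):
    """Return (record, reasons) for every change that breaks a rule."""
    findings = []
    for rec in records:
        reasons = []
        if not in_maintenance_window(datetime.fromisoformat(rec["ts"]), windows):
            reasons.append("outside maintenance window")
        if not rec.get("ticket"):
            reasons.append("no change management reference")
        if reasons:
            findings.append((rec, reasons))
    return findings


if __name__ == "__main__":
    for rec, reasons in audit_changes(CHANGE_LOG):
        print(f'{rec["ts"]} {rec["component"]} {rec["action"]}: '
              + "; ".join(reasons))
```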
The documentation of changes to the configuration or to the internal software of the storage system absolutely must be kept up to date. In particular, this documentation must clarify how to handle problems and emergency situations, and must be easily accessible.
The log files of the components used to back up and archive the data must be checked, especially after changing the system configuration. Unscheduled tests to check whether the data can be restored from the backup must be performed (see also S 6.22 Sporadic checks of the restorability of backups).
Securing the system administration
The management system for the storage system is to be secured in such a way that access by unauthorised users is impossible.
Review questions:
- Is the operation of service programs which access the storage system trouble-free?
- Are the capacity limits of the storage system identified and not exceeded and are countermeasures taken in the event of bottlenecks?
- Are security-critical settings and the compliance with security specifications monitored and are violations reported?
- Are only important system messages displayed?
- Are changes only performed with the help of a change management procedure?
- Are changes only performed during defined maintenance windows, and can the changes be traced in an emergency by means of a change plan?