STORAGE AREA NETWORK SYSTEM USING INTERNET PROTOCOL, SECURITY SYSTEM, SECURITY MANAGEMENT PROGRAM, AND STORAGE DEVICE

摘要

PROBLEM TO BE SOLVED: To cancel vulnerability of security in an IP-SAN, and eliminate unauthorized access by spoofing. SOLUTION: Firewalls 23 are installed in servers SV-1 to n of authorized users and storage devices STR-1 to n, and a distributed firewall manager 27 is installed in an IP-SAN for their general management. The distributed firewall manager 27 acquires discovery domain information 29 of an iSNS 21, considers that nodes registered in the iSNS 21 is a regular user's node, and automatically creates security policy by a set of iSCSI name and portal information. The security policy is assigned to all firewalls 23 as a common policy, and performs access control to refuse a TCP connection request itself for unauthorized access. COPYRIGHT: (C)2005,JPO&NCIPI