The foundation of enterprise risk analysis is the threat model which defines the points of attack and the methods of attack at each point. This paper investigates risk and common security threats against storage area networks (SANs). Risk can be managed to acceptable levels with proper countermeasuring, reducing the probability of an attack and preventing attacks or mistakes that can cause downtime or financial harm.

    To help ensure the security of a SAN, the enterprise needs to guard against such threats as unauthorized access, spoofing and sniffing. These threats may come from multiple locations from physical interfaces or users at the application level. They can be unintentional or malicious, small or large in scale.

    This paper will discuss threats, risks, and the countermeasures that can be taken to mitigate the vulnerability of the enterprise SAN.