Logical Unit Number Masking or LUN masking is an authorization process that makes a Logical Unit Number available to some hosts and unavailable to other hosts.
LUN masking is mainly implemented at the host bus adapter (HBA) level.
The security benefits of LUN masking implemented at HBAs are limited, since with many HBAs it is possible to forge source addresses (WWNs/MACs/IPs) and compromise the access.
When LUN masking is implemented at the storage controller level, the controller itself enforces the access policies to the device and as a result it is more secure.
For example, Windows servers attached to a SAN will, under some conditions, corrupt non-Windows (Unix, Linux, NetWare) volumes on the SAN by attempting to write Windows volume labels to them.