A second storage conventionally authenticates a host computer, but this is weak in a disguise attack. Further, since there is provided only an option of two ways: connection authorization and connection rejection, an intrusion into the host computer directly leads to destruction of data in the second storage. Therefore, a plurality of network transportation ports are provided and connected to different networks, respectively, and an access right to data in a second storage is specified for the transportation port. Furthermore, it can be specified whether or not the access for each I/O command is authorized.