A method for the binary zoning of a Storage Area Network (SAN) for security is disclosed, for a SAN with physical devices consisting of a first array of hosts (1) and a second array of storage devices (4), and a SAN Switch (2, 2A) coupled intermediate the hosts and the storage devices. The SAN Switch routes I/O commands and accepts zoning commands. The method is based on starting operation of the SAN with mutually isolated physical devices and accepting zoning commands only after running security verification procedures requiring that hosts be authenticated and that storage devices be identified. Zoning is dynamically controlled from a workstation (8) operated by a System Administrator entering meta-zoning instructions which are used to automatically program the zoning of the SAN Switch for legitimate physical devices. The method is implemented for security and booting of a SAN.