SAN Security Protocols and Mechanisms
endpoints can be determined, the true source and destination endpoints cannot be determined because the information in the original IP header has been encrypted. This is illustrated in Exhibit 12.
SAN Security Protocols and Mechanisms
Transport Modę
|-«H- May BeEnciypted—*•]
Exhibit 12: IPsec Transport and Tunnel Modę
With IPsec, data can be transmitted across a public network without fear of observation, modification, or spoofing. This enables applications such as Virtual Private Networks (VPNs), including intranets, extranets, remote user access, and remote transport of storage over IP.
The IETF's draft RFC is dictating IPsec and IKE to be used with the IP based storage protocols to provide secure private exchanges at the IP layer. In order to be compliant, an IP storage network element must follow up the specifications and implement IPsec tunnel modę with the ESP where confidentiality is obtained by encrypting the IPsec tunnel using 3DES or optionally AES in cipher błock chaining (CBC) modę, integrity checking is done via using SHA-1 and node authentication is done via IKE using pre-shared key or digital certificates.
4.2.2 iSCSI Security Mechanisms
iSCSI draft RFC specifies that although technically possible, iSCSI should not be used without security mechanisms except only in closed environments without any security risk. Security mechanisms defined in the draft standard are the following:
• in-band authentication between the initiator and the target at the iSCSI connection level,
• per packet protection (integrity, authentication, and confidentiality) by IPsec at the IP level.
iSCSI protocol specification defmes that during login, the target must authenticate the initiator and the initiator may authenticate the target, which means that mutual authentication is optional but not mandatory. The authentication is performed on every new iSCSI connection during the login process with a chosen authentication method. The authentication method cannot assume an underlying IPsec protection, because IPsec is optional to use and an attacker should gain as little advantage as possible by inspecting the authentication process. Due to listed reąuirements, chosen authentication method for iSCSI protocol is Challenge Handshake Authentication Protocol (CHAP). The authentication mechanism protects against an unauthorized login to storage resources by using a false identity (spoofing). Once the authentication phase is completed, if the underlying IPsec is not used, all following messages are sent and received in elear. The authentication mechanism alone, without underlying IPsec, should only be used when there is no risk of eavesdropping, message insertion, deletion, modification, and replaying.