9818247281

9818247281



SAN Security Protocols and Mechanisms

endpoints can be determined, the true source and destination endpoints cannot be determined because the information in the original IP header has been encrypted. This is illustrated in Exhibit 12.

SAN Security Protocols and Mechanisms

Transport Modę


|-«H- May BeEnciypted—*•]


Exhibit 12: IPsec Transport and Tunnel Modę

With IPsec, data can be transmitted across a public network without fear of observation, modification, or spoofing. This enables applications such as Virtual Private Networks (VPNs), including intranets, extranets, remote user access, and remote transport of storage over IP.

The IETF's draft RFC is dictating IPsec and IKE to be used with the IP based storage protocols to provide secure private exchanges at the IP layer. In order to be compliant, an IP storage network element must follow up the specifications and implement IPsec tunnel modę with the ESP where confidentiality is obtained by encrypting the IPsec tunnel using 3DES or optionally AES in cipher błock chaining (CBC) modę, integrity checking is done via using SHA-1 and node authentication is done via IKE using pre-shared key or digital certificates.

4.2.2 iSCSI Security Mechanisms

iSCSI draft RFC specifies that although technically possible, iSCSI should not be used without security mechanisms except only in closed environments without any security risk. Security mechanisms defined in the draft standard are the following:

•    in-band authentication between the initiator and the target at the iSCSI connection level,

•    per packet protection (integrity, authentication, and confidentiality) by IPsec at the IP level.

iSCSI protocol specification defmes that during login, the target must authenticate the initiator and the initiator may authenticate the target, which means that mutual authentication is optional but not mandatory. The authentication is performed on every new iSCSI connection during the login process with a chosen authentication method. The authentication method cannot assume an underlying IPsec protection, because IPsec is optional to use and an attacker should gain as little advantage as possible by inspecting the authentication process. Due to listed reąuirements, chosen authentication method for iSCSI protocol is Challenge Handshake Authentication Protocol (CHAP). The authentication mechanism protects against an unauthorized login to storage resources by using a false identity (spoofing). Once the authentication phase is completed, if the underlying IPsec is not used, all following messages are sent and received in elear. The authentication mechanism alone, without underlying IPsec, should only be used when there is no risk of eavesdropping, message insertion, deletion, modification, and replaying.



Wyszukiwarka

Podobne podstrony:
SAN Security Protocols and Mechanisms iSCSI enables SCSI-3 commands to be encapsulated in TCP/IP pac
SAN Security Protocols and Mechanisms 10 networks, allowing a commodity IP network to function in a
SAN Security Protocols and Mechanisms 3.3 Access Control and Authentication Another critical aspect
SAN Security Protocols and Mechanisms 12 One host or storage device could also belong to a multiple
SAN Security Protocols and Mechanisms 13 4.1.3 Fibrę Channel Security Protocols To address additiona
SAN Security Protocols and Mechanisms 14 4.1.3.1.2 Fibrę Channel Authentication Protocol Fibrę Chann
SAN Security Protocols and Mechanisms 15 4.1.3.2FC-SP per frame confidentiality and integrity Recogn
SAN Security Protocols and Mechanisms 16 FC-2 Payload: 0-528 Transmission
SAN Security Protocols and Mechanisms 17 •    Data Origin Authentication The IPsec re
SAN Security Protocols and Mechanisms 19 An iSCSI node must also support Internet Key Exchange (IKE)
SAN Security Protocols and Mechanisms_2_ Storage Area Networks Security Protocols and Mechanisms Ind
SAN Security Protocols and Mechanisms 20 6 Futurę directions Storage security is still evolving topi
SAN Security Protocols and Mechanisms Index of Exhibits Exhibit 2: NAS
SAN Security Protocols and Mechanisms Storage Area Networks Security Protocols and Mechanisms 1 Intr
SAN Security Protocols and Mechanisms Storage or shortly NAS. NAS architecture consist of a dedicate
SAN Security Protocols and Mechanisms The invention of a Fibrę Channel (FC) has opened a complete ne
SAN Security Protocols and Mechanisms Exhibit 6: Fibrę Channel Protocol Stack The lowest level (FC-0
SAN Security Protocols and Mechanisms FCIP transports Fibrę Channel data by creating a tunnel betwee

więcej podobnych podstron