Valdis.Kletnieks@vt.edu: Re: Storage over Ethernet/IP

[Dave Nagle <bassoon@yogi.ece.cmu.edu>]

------- Forwarded Message

Date:    Fri, 26 May 2000 11:35:54 -0400
From:    Valdis.Kletnieks@vt.edu
To:      Brian.Rubarts@born.com
cc:      moore@CS.UTK.EDU, ietf@ietf.org
Subject: Re: Storage over Ethernet/IP 

On Fri, 26 May 2000 10:14:03 CDT, Brian.Rubarts@born.com said:
> A network server will still authenticate user requests.  Only the host
> needs to be authenticated with the disk/disks.

Hmm.  

Isn't this security model the cause of most grumbling regarding NFS security?

> If the larger network that is employing this technology doesn't hire a decent
> consultant, you might be right.  If they do, it will ALWAYS be behind a firewall :-)

Double Hmm.. 

Odd.. I thought we had a clue about security.  The guys at SANS just
gave us a 'Technology Leadership Award'.  I just walked across the hallway,
and I didn't see any firewall in our router swamp.

I guess because we don't have a firewall, we don't have a clue.  Or because
we don't have a firewall, we can't deploy this technology.  Somehow, that
doesn't smell right.

> the server and storage devices could be in a VLAN or something to deny direct hack 
> attempts against the storage device, but the chink in the armor is how hardened is
> your OS?

If your OS is hardened enough, a firewall may not be appropriate.

"New from Kellogs - Firewalls cereal - part of this *COMPLETE* and *BALANCED*
security breakfast".
- -- 
				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech


------- End of Forwarded Message