SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: Security Considerations



    
    Jim McGrath writes:
    > For reference, what security is present today for NAS class products (e.g.
    > those typically using a higher level protocol like NFS rather than SCSI)?
    
    NFS uses security mechanisms defined in the underlying RPC layer.
    
    Most NFS users use UNIX "trusted host" security because it's easy
    to administer and almost zero overhead - though it also provides
    almost zero security.
    
    There's also mechanisms that use Kerberos or Diffie-Hellman public
    keys to exchange DES keys.  For details, see RFC's 2695 and 2623.
    
    A unique feature of these higher-level protocols is that they
    authenticate end-users, so it's done per request rather than
    per connection.  An NFS server can have requests coming in
    from multiple users over a single TCP connection from a 
    multi-user client.
    
    However, iSCSI will be authenticating nodes rather than users,
    so connection-oriented security would be more appropriate, e.g.
    IPSEC, SKIP, TLS, etc.
    
    	Brent
    


Home

Last updated: Tue Sep 04 01:08:10 2001
6315 messages in chronological order