|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Security ConsiderationsJim McGrath writes: > For reference, what security is present today for NAS class products (e.g. > those typically using a higher level protocol like NFS rather than SCSI)? NFS uses security mechanisms defined in the underlying RPC layer. Most NFS users use UNIX "trusted host" security because it's easy to administer and almost zero overhead - though it also provides almost zero security. There's also mechanisms that use Kerberos or Diffie-Hellman public keys to exchange DES keys. For details, see RFC's 2695 and 2623. A unique feature of these higher-level protocols is that they authenticate end-users, so it's done per request rather than per connection. An NFS server can have requests coming in from multiple users over a single TCP connection from a multi-user client. However, iSCSI will be authenticating nodes rather than users, so connection-oriented security would be more appropriate, e.g. IPSEC, SKIP, TLS, etc. Brent
Home Last updated: Tue Sep 04 01:08:10 2001 6315 messages in chronological order |