|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Security ConsiderationsJim McGrath wrote: > > My impression (which I admit could be quite mistaken) is that we may be on a > path of requiring a higher level of security for iSCSI than is warranted by > alternative protocols. Of course, enhancing security has its value, but > since SCSI starts off with essentially no security, iSCSI is a poor protocol > upon which to require lots of security. > I've quoted below portions of section 5 of "Guidelines for Writing RFC Text on Security Considerations". My email is was intended as a start to the "due diligence" process. While it is not a requirement that any given protocol or system be immune to all forms of attack, it is still necessary for authors to consider them. Part of the purpose of the Security Considerations section is to explain what attacks are out of scope and what counter- measures can be applied to defend against them. There should be a clear description of the kinds of threats on the described protocol or technology. This should be approached as an effort to perform "due diligence" in describing all known or foresee- able risks and threats to potential implementers and users. At least the following forms of attack MUST be considered: eavesdrop- ping, replay, message insertion, deletion, modification, and man-in- the-middle. Potential denial of service attacks MUST be identified as well. David Robinson wrote: > The benchmark that iSCSI will have to meet is what is being done > in the NFSv4 WG. Using the ONCRPC WG mechanisms based on GSSAPI > and RPCSEC_GSS they provide authentication, integrity, and privacy > using one of two manditory to implement mechanisms, Kerberos V5 > and LIPKEY. > > I suspect that if iSCSI doesn't address security to provide similar > capabilities it will not pass muster. Of course the security should > always be able to be negotiated to the desired levels. I agree on the pass muster comment. I also agree on the negotiating of security level. Hence, the 3 layer model of no security, connection-oriented authentication on logins (thanks to Brent on the distinction), and encryption. Luciano Dalle Oro pointed out that IPsec provides excellent data integrity in addition to security. Paul
Home Last updated: Tue Sep 04 01:08:09 2001 6315 messages in chronological order |