SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: Security Considerations



    
    Jim McGrath wrote:
    > 
    > My impression (which I admit could be quite mistaken) is that we may be on
    a
    > path of requiring a higher level of security for iSCSI than is warranted
    by
    > alternative protocols.  Of course, enhancing security has its value, but
    > since SCSI starts off with essentially no security, iSCSI is a poor
    protocol
    > upon which to require lots of security.
    >
     
    I've quoted below portions of section 5 of "Guidelines for Writing RFC Text
    on Security
    Considerations". My email is was intended as a start to the "due diligence"
    process.
    
       While it is not a requirement that any given protocol or system be
       immune to all forms of attack, it is still necessary for authors to
       consider them. Part of the purpose of the Security Considerations
       section is to explain what attacks are out of scope and what counter-
       measures can be applied to defend against them.
    
       There should be a clear description of the kinds of threats on the
       described protocol or technology.  This should be approached as an
       effort to perform "due diligence" in describing all known or foresee-
       able risks and threats to potential implementers and users.
    
       At least the following forms of attack MUST be considered: eavesdrop-
       ping, replay, message insertion, deletion, modification, and man-in-
       the-middle. Potential denial of service attacks MUST be identified as
       well.
    
    David Robinson wrote:
    > The benchmark that iSCSI will have to meet is what is being done
    > in the NFSv4 WG.  Using the ONCRPC WG mechanisms based on GSSAPI
    > and RPCSEC_GSS they provide authentication, integrity, and privacy
    > using one of two manditory to implement mechanisms, Kerberos V5
    > and LIPKEY.
    > 
    > I suspect that if iSCSI doesn't address security to provide similar
    > capabilities it will not pass muster. Of course the security should
    > always be able to be negotiated to the desired levels.
    
    I agree on the pass muster comment. I also agree on the negotiating of
    security level. Hence, the 3 layer model of no security, connection-oriented
    authentication on logins (thanks to Brent on the distinction), and
    encryption. Luciano Dalle Oro pointed out that IPsec provides excellent data
    integrity in addition to security.
    
    Paul
    


Home

Last updated: Tue Sep 04 01:08:09 2001
6315 messages in chronological order