RE: Security Use Requirements

> deployment at 1" - with CRCs mandatory to implement (optional to use) and
> all the rest is optional to use and implement.

CRCs only provide integrity protection, but not authentication since they are not keyed. Thus, they provide no protection against spoofing attacks. Even if the CRC is non-linear, it is not hard to build a device that will change packets on the fly without fear of detection. The TCP checksum is non-linear but it can be guessed right about half the time.

An example of the kinds of attacks that are possible is found at: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html. I'm sure the folks at Berkeley will be happy to provide an equivalent analysis for iSCSI.

Do you really want to enable attackers to insert or change data destined for a SAN disk at will? Even if the iSCSI SAN is using link-local addressing, and therefore is not accessible from the Internet, there is still risk from internal attack.

A more reasonable approach would be to require at least authentication and integrity protection (e.g. IPSEC AH or ESP null).
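The difference between an unkeyed CRC and a keyed integrity check, as an added example that is not part of the original message. Assumptions: zlib's CRC-32 stands in for the iSCSI digest, HMAC-SHA256 stands in for the keyed check that AH or ESP null would supply, and the key and payloads are constructed sample data.

```python
import hashlib
import hmac
import zlib

# Constructed sample data, not real iSCSI PDUs.
KEY = b"constructed-shared-secret"  # held only by the two endpoints
ORIGINAL = b"WRITE lba=0x1000 data=AAAAAAAA"
MODIFIED = b"WRITE lba=0x1000 data=BBBBBBBB"


def crc_tag(payload: bytes) -> int:
    """Unkeyed digest: computable by anyone who can see the payload."""
    return zlib.crc32(payload)


def mac_tag(key: bytes, payload: bytes) -> bytes:
    """Keyed digest: computable only by holders of the key."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def receiver_accepts_crc(payload: bytes, tag: int) -> bool:
    return crc_tag(payload) == tag


def receiver_accepts_mac(key: bytes, payload: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, payload), tag)


def changed_in_transit(new_payload: bytes):
    """Model of an on-path change: no key is needed to attach a valid CRC."""
    return new_payload, crc_tag(new_payload)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc_shift_for(delta: bytes) -> int:
    """CRC-32 is affine: the tag change depends only on the payload change."""
    return zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))


if __name__ == "__main__":
    print("CRC accepts changed payload:",
          receiver_accepts_crc(*changed_in_transit(MODIFIED)))
    print("MAC accepts changed payload:",
          receiver_accepts_mac(KEY, MODIFIED, mac_tag(KEY, ORIGINAL)))
```

The CRC check passes on the changed payload because nothing secret goes into the tag, while the keyed check fails unless the party making the change also holds the key.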
Last updated: Tue Sep 04 01:05:35 2001