RE: Security Use Requirements

To: julian_satran@il.ibm.com
Subject: RE: Security Use Requirements
From: "Bernard D. Aboba" <aboba@internaut.com>
Date: Tue, 6 Feb 2001 05:52:52 -0800 (GMT-0800)
Cc: Black_David@emc.com, ips@ece.cmu.edu, RJ Atkinson <rja@inet.org>, "Smb@Research. Att. Com" <smb@research.att.com>, biran@il.ibm.com
Content-Type: TEXT/PLAIN; charset=US-ASCII
In-Reply-To: <C12569EB.00265039.00@d12mta02.de.ibm.com>
Sender: owner-ips@ece.cmu.edu

> deployment at 1" - with CRCs mandatory to implement (optional to use) and
> all the rest is optional to use and implement.

CRCs only provide integrity protection, but not authentication since they 
are not keyed. Thus, it provides no protection against spoofing 
attacks. Even if the CRC is non-linear, it is not hard to build 
a device that will change packets on the fly without fear of detection. The 
TCP checksum is non-linear but it can be guessed right about half the 
time. 

An example of the kinds of attacks that are possible is found at:
http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html. I'm sure the
folks at Berkeley will be happy to provide an equivalent analysis for
iSCSI. 

Do you really want to enable attackers to insert or change data destined 
a SAN disk at will? Even if the iSCSI SAN is using linklocal addressing, 
and therefore is not accessible from the Internet, there is still risk from 
internal attack. 

A more reasonable approach would be to require at least authentication 
and integrity protection (e.g. IPSEC AH or ESP null).

Prev by Date: RE: Security Use Requirements
Next by Date: RE: iSCSI : Abort Task "connection allegiance"
Prev by thread: RE: Security Use Requirements
Next by thread: RE: Security Use Requirements
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:05:35 2001
6315 messages in chronological order