SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: Security Use Requirements



    
    
    Bernard,
    
    Both IPSec and TLS will be in the standard.   As we are talking about
    speeds that will be in excess of 1GBs even on modest disk controllers we
    where all hesitant if to make anything in this category mandatory to
    implement today.
    
    We assume that all those who require security beyond CRC and session
    authentication will pay for and get it.  However those that build a Storage
    Area Newtork within a small enterprise completely isolated from the
    internet will not have to pay for what they do not need.
    
    Regards,
    Julo
    
    "Bernard D. Aboba" <aboba@internaut.com> on 06/02/2001 15:52:52
    
    Please respond to "Bernard D. Aboba" <aboba@internaut.com>
    
    To:   Julian Satran/Haifa/IBM@IBMIL
    cc:   Black_David@emc.com, ips@ece.cmu.edu, RJ Atkinson <rja@inet.org>,
          "Smb@Research. Att. Com" <smb@research.att.com>, Ofer
          Biran/Haifa/IBM@IBMIL
    Subject:  RE: Security Use Requirements
    
    
    
    
    > deployment at 1" - with CRCs mandatory to implement (optional to use) and
    > all the rest is optional to use and implement.
    
    CRCs only provide integrity protection, but not authentication since they
    are not keyed. Thus, it provides no protection against spoofing
    attacks. Even if the CRC is non-linear, it is not hard to build
    a device that will change packets on the fly without fear of detection. The
    TCP checksum is non-linear but it can be guessed right about half the
    time.
    
    An example of the kinds of attacks that are possible is found at:
    http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html. I'm sure the
    folks at Berkeley will be happy to provide an equivalent analysis for
    iSCSI.
    
    Do you really want to enable attackers to insert or change data destined
    a SAN disk at will? Even if the iSCSI SAN is using linklocal addressing,
    and therefore is not accessible from the Internet, there is still risk from
    internal attack.
    
    A more reasonable approach would be to require at least authentication
    and integrity protection (e.g. IPSEC AH or ESP null).
    
    
    
    


Home

Last updated: Tue Sep 04 01:05:35 2001
6315 messages in chronological order