SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Fwd: BOUNCE ips@ece.cmu.edu: Non-member submission from [Brian Pawlowski <beepy@netapp.com>]


    • To: ips@ece.cmu.edu
    • Subject: Fwd: BOUNCE ips@ece.cmu.edu: Non-member submission from [Brian Pawlowski <beepy@netapp.com>]
    • From: Jim McKinney <jmck+@ece.cmu.edu>
    • Date: Thu, 2 Aug 2001 07:27:27 -0400 (EDT)
    • Content-Type: text/plain; charset=US-ASCII
    • References: <200108020447.f724lUF03178@ece.cmu.edu>
    • Sender: owner-ips@ece.cmu.edu

    From: Brian Pawlowski <beepy@netapp.com>
    Message-Id: <200108020447.VAA02871@tooting-fe.eng.netapp.com>
    Subject: Re: Security Gateways
    In-Reply-To: <200108020206.f7226He27045@ece.cmu.edu> from Jim McKinney at "Aug 1, 1 10:06:17 pm"
    To: jmck+@ece.cmu.edu (Jim McKinney)
    Date: Wed, 1 Aug 2001 21:47:20 -0700 (PDT)
    Cc: ips@ece.cmu.edu
    X-Mailer: ELM [version 2.4ME++ PL40 (25)]
    MIME-Version: 1.0
    Content-Type: text/plain; charset=US-ASCII
    Content-Transfer-Encoding: 7bit
    
    > 2)  Concerning market requirements:
    > 
    > A very high percentage of storage environments today manage
    > their configurations very carefully.  Such careful management is
    > necessary to guarantee redundant paths for proper availability,
    > to provide sufficient paths to provide the required performance, and to
    > guarantee known paths to improve reparability and consistency
    > of behavior.  As a side effect, a very high percentage of
    > the paths of a storage environment are physically secured and have
    > no requirement for additional security mechanisms.  
    
    I've often mused that storage environments today based on FC are
    physically secure as an artifact of the severe deployment restrictions
    that the technology itself supports.
    
    Replacing FC deployments with TCP/IP-based networks blows these
    assumptions.
    
    After years in the insecure wilderness within NFS, and the inability
    to count on strong security from all vendors removing a motivation
    to even invest in it (it was optional), the movement in NFS Version 4
    to strong security was a key component of the evolution wrought since
    it was handed to the IETF.
    
    I look back on our lack of commitment to providing interoperable,
    manadatory to implement (optional to enable) strong security as being
    one of the greatest failures in NFS - that is finally being corrected.
    
    It is certainly sobering when your PC on your desktop provides stronger
    security guarantees in a simple network when it accesses data on some
    server (CIFS) than you are guaranteed (through mandatory to implement)
    in your enterprise class storage network. 
    
    beepy
    
    
    


Home

Last updated: Tue Sep 04 01:04:07 2001
6315 messages in chronological order