RE: Security Gateways

> I believe the security requirements for FCIP may be somewhat different
> than those for iSCSI.

I believe that's true, but that the most important differences are
in the area of authentication. FCIP need only concern itself with
"machine" authentication, as FCIP is fundamentally connecting two
switches. iSCSI is more complex and involves a granularity of
authentication finer than "machine" (e.g., one might be authenticating
the backup application to the tape drive as opposed to authenticating
the server on which the backup application is running).

> While it is possible to secure iSCSI end-to-end,
> it's not possible to do so for FCIP because of the fact that Fibre Channel
> itself has no built-in security protocol.

True, but this actually increases the security requirements for FCIP
because there's no higher level security available.

> A user of FC needs to physically
> secure the FC portion of the SAN in any case so the additional physical
> security for the FCIP device, or the wire between it and a sec gateway, is
> much less of an issue.

This looks like violent agreement with what I've written. A system
consisting of [FCIP device, cable, security gateway] provides sufficient
security to comply with the RFC requirements at the external interface
of the gateway. In such a system, it is both highly advisable and
feasible to physically secure the (short) cable between the FCIP device
and the gateway.

Thanks,
--David

---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA 01748
+1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
black_david@emc.com       Mobile: +1 (978) 394-7754
---------------------------------------------------
Last updated: Tue Sep 04 01:04:07 2001