SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: Outboard Tunnel Mode



    
    With most corporations security at the corporate firewall is a MUST no
    mater what is done at the machine I/O.   With Security functions a MUST for
    iSCSI, an installation will pay for security twice and only use it once.
    Why pay for security at every I/O when the corporation mandates it at the
    edge?
    This seems like motorcycle helmet laws.  Why mandate something that a
    reasonable person would do any way?
    
    David
    
    ------------------------------------------------------
    David F. Hepner                     WA7UHT
    dfhepner@us.ibm.com
    IBM SSG San Jose, CA
    (408) 256-4981  Fax (408) 256-6214
    Tie Line 8-276-4981
    -----------------------------------------------------
    
    
    John Hufferd/San Jose/IBM@IBMUS@ece.cmu.edu on 12/17/2001 11:13:00 AM
    
    Sent by:    owner-ips@ece.cmu.edu
    
    
    To:    VAHUJA@aol.com
    cc:    ips@ece.cmu.edu
    Subject:    Re: Outboard Tunnel Mode
    
    
    
    
    Installations can do what ever they want.  The Security functions are must
    implement, NOT must use.
    
    .
    .
    .
    John L. Hufferd
    Senior Technical Staff Member (STSM)
    IBM/SSG San Jose Ca
    Main Office (408) 256-0403, Tie: 276-0403,  eFax: (408) 904-4688
    Home Office (408) 997-6136, Cell: (408) 499-9702
    Internet address: hufferd@us.ibm.com
    
    
    VAHUJA@aol.com@ece.cmu.edu on 12/17/2001 10:09:10 AM
    
    Sent by:  owner-ips@ece.cmu.edu
    
    
    To:   ips@ece.cmu.edu
    cc:
    Subject:  Outboard Tunnel Mode
    
    
    
    Folks,
    
    May be I missed something in SLC meeting.  I can expect several
    implementations of iSCSI not include any security.Reason - I can see that
    customers would often rely on the company's existing VPNs (outboard Router
    etc) to protect their data (storage or otherwise) over IP networks. From a
    CIO's viewpoint, this approach may make more sense than extending yet
    another
    layer of IPSec into its servers just for storage data.
    
     It is not clear to me from the standard if it will be a non-compliance of
    iSCSI standard. If so, we may potentially have many non-compliances.
    
    
    
    
    
    
    
    


Home

Last updated: Tue Dec 18 11:17:48 2001
8131 messages in chronological order