RE: Outboard Tunnel Mode

To: dfhepner@us.ibm.com
Subject: RE: Outboard Tunnel Mode
From: Black_David@emc.com
Date: Tue, 18 Dec 2001 10:25:12 -0500
Cc: ips@ece.cmu.edu
Content-Type: text/plain;charset="iso-8859-1"
Sender: owner-ips@ece.cmu.edu

The assumption that all (or even the most serious) security
threats originate from outside the firewall is incorrect, and
the analogy with motorcycle helmet laws is badly flawed.
Further discussion on this issue is discouraged.

Thanks,
--David

---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA  01748
+1 (508) 435-1000            FAX: +1 (508) 497-8500
black_david@emc.com       Mobile: +1 (978) 394-7754
---------------------------------------------------

> -----Original Message-----
> From: David F Hepner [mailto:dfhepner@us.ibm.com]
> Sent: Monday, December 17, 2001 5:06 PM
> To: John Hufferd
> Cc: VAHUJA@aol.com; ips@ece.cmu.edu
> Subject: Re: Outboard Tunnel Mode
> 
> 
> 
> With most corporations security at the corporate firewall is a MUST no
> mater what is done at the machine I/O.   With Security 
> functions a MUST for
> iSCSI, an installation will pay for security twice and only 
> use it once.
> Why pay for security at every I/O when the corporation 
> mandates it at the
> edge?
> This seems like motorcycle helmet laws.  Why mandate something that a
> reasonable person would do any way?
> 
> David
> 
> ------------------------------------------------------
> David F. Hepner                     WA7UHT
> dfhepner@us.ibm.com
> IBM SSG San Jose, CA
> (408) 256-4981  Fax (408) 256-6214
> Tie Line 8-276-4981
> -----------------------------------------------------
> 
> 
> John Hufferd/San Jose/IBM@IBMUS@ece.cmu.edu on 12/17/2001 11:13:00 AM
> 
> Sent by:    owner-ips@ece.cmu.edu
> 
> 
> To:    VAHUJA@aol.com
> cc:    ips@ece.cmu.edu
> Subject:    Re: Outboard Tunnel Mode
> 
> 
> 
> 
> Installations can do what ever they want.  The Security 
> functions are must
> implement, NOT must use.
> 
> .
> .
> .
> John L. Hufferd
> Senior Technical Staff Member (STSM)
> IBM/SSG San Jose Ca
> Main Office (408) 256-0403, Tie: 276-0403,  eFax: (408) 904-4688
> Home Office (408) 997-6136, Cell: (408) 499-9702
> Internet address: hufferd@us.ibm.com
> 
> 
> VAHUJA@aol.com@ece.cmu.edu on 12/17/2001 10:09:10 AM
> 
> Sent by:  owner-ips@ece.cmu.edu
> 
> 
> To:   ips@ece.cmu.edu
> cc:
> Subject:  Outboard Tunnel Mode
> 
> 
> 
> Folks,
> 
> May be I missed something in SLC meeting.  I can expect several
> implementations of iSCSI not include any security.Reason - I 
> can see that
> customers would often rely on the company's existing VPNs 
> (outboard Router
> etc) to protect their data (storage or otherwise) over IP 
> networks. From a
> CIO's viewpoint, this approach may make more sense than extending yet
> another
> layer of IPSec into its servers just for storage data.
> 
>  It is not clear to me from the standard if it will be a 
> non-compliance of
> iSCSI standard. If so, we may potentially have many non-compliances.
> 
> 
> 
> 
> 
> 
>

Prev by Date: RE: iSCSI: Outboard Tunnel Mode
Next by Date: RE: iSCSI: Outboard Tunnel Mode
Prev by thread: RE: Outboard Tunnel Mode
Next by thread: RE: effect of initializing CRC reg to 1's depends on implementati on? iSCSI
Index(es):
- Date
- Thread

Home

Last updated: Tue Dec 18 11:17:47 2001
8131 messages in chronological order