SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: Outboard Tunnel Mode



    The assumption that all (or even the most serious) security
    threats originate from outside the firewall is incorrect, and
    the analogy with motorcycle helmet laws is badly flawed.
    Further discussion on this issue is discouraged.
    
    Thanks,
    --David
    
    ---------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 42 South St., Hopkinton, MA  01748
    +1 (508) 435-1000            FAX: +1 (508) 497-8500
    black_david@emc.com       Mobile: +1 (978) 394-7754
    ---------------------------------------------------
    
    > -----Original Message-----
    > From: David F Hepner [mailto:dfhepner@us.ibm.com]
    > Sent: Monday, December 17, 2001 5:06 PM
    > To: John Hufferd
    > Cc: VAHUJA@aol.com; ips@ece.cmu.edu
    > Subject: Re: Outboard Tunnel Mode
    > 
    > 
    > 
    > With most corporations security at the corporate firewall is a MUST no
    > mater what is done at the machine I/O.   With Security 
    > functions a MUST for
    > iSCSI, an installation will pay for security twice and only 
    > use it once.
    > Why pay for security at every I/O when the corporation 
    > mandates it at the
    > edge?
    > This seems like motorcycle helmet laws.  Why mandate something that a
    > reasonable person would do any way?
    > 
    > David
    > 
    > ------------------------------------------------------
    > David F. Hepner                     WA7UHT
    > dfhepner@us.ibm.com
    > IBM SSG San Jose, CA
    > (408) 256-4981  Fax (408) 256-6214
    > Tie Line 8-276-4981
    > -----------------------------------------------------
    > 
    > 
    > John Hufferd/San Jose/IBM@IBMUS@ece.cmu.edu on 12/17/2001 11:13:00 AM
    > 
    > Sent by:    owner-ips@ece.cmu.edu
    > 
    > 
    > To:    VAHUJA@aol.com
    > cc:    ips@ece.cmu.edu
    > Subject:    Re: Outboard Tunnel Mode
    > 
    > 
    > 
    > 
    > Installations can do what ever they want.  The Security 
    > functions are must
    > implement, NOT must use.
    > 
    > .
    > .
    > .
    > John L. Hufferd
    > Senior Technical Staff Member (STSM)
    > IBM/SSG San Jose Ca
    > Main Office (408) 256-0403, Tie: 276-0403,  eFax: (408) 904-4688
    > Home Office (408) 997-6136, Cell: (408) 499-9702
    > Internet address: hufferd@us.ibm.com
    > 
    > 
    > VAHUJA@aol.com@ece.cmu.edu on 12/17/2001 10:09:10 AM
    > 
    > Sent by:  owner-ips@ece.cmu.edu
    > 
    > 
    > To:   ips@ece.cmu.edu
    > cc:
    > Subject:  Outboard Tunnel Mode
    > 
    > 
    > 
    > Folks,
    > 
    > May be I missed something in SLC meeting.  I can expect several
    > implementations of iSCSI not include any security.Reason - I 
    > can see that
    > customers would often rely on the company's existing VPNs 
    > (outboard Router
    > etc) to protect their data (storage or otherwise) over IP 
    > networks. From a
    > CIO's viewpoint, this approach may make more sense than extending yet
    > another
    > layer of IPSec into its servers just for storage data.
    > 
    >  It is not clear to me from the standard if it will be a 
    > non-compliance of
    > iSCSI standard. If so, we may potentially have many non-compliances.
    > 
    > 
    > 
    > 
    > 
    > 
    > 
    


Home

Last updated: Tue Dec 18 11:17:47 2001
8131 messages in chronological order