|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Outboard Tunnel ModeThe assumption that all (or even the most serious) security threats originate from outside the firewall is incorrect, and the analogy with motorcycle helmet laws is badly flawed. Further discussion on this issue is discouraged. Thanks, --David --------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 42 South St., Hopkinton, MA 01748 +1 (508) 435-1000 FAX: +1 (508) 497-8500 black_david@emc.com Mobile: +1 (978) 394-7754 --------------------------------------------------- > -----Original Message----- > From: David F Hepner [mailto:dfhepner@us.ibm.com] > Sent: Monday, December 17, 2001 5:06 PM > To: John Hufferd > Cc: VAHUJA@aol.com; ips@ece.cmu.edu > Subject: Re: Outboard Tunnel Mode > > > > With most corporations security at the corporate firewall is a MUST no > mater what is done at the machine I/O. With Security > functions a MUST for > iSCSI, an installation will pay for security twice and only > use it once. > Why pay for security at every I/O when the corporation > mandates it at the > edge? > This seems like motorcycle helmet laws. Why mandate something that a > reasonable person would do any way? > > David > > ------------------------------------------------------ > David F. Hepner WA7UHT > dfhepner@us.ibm.com > IBM SSG San Jose, CA > (408) 256-4981 Fax (408) 256-6214 > Tie Line 8-276-4981 > ----------------------------------------------------- > > > John Hufferd/San Jose/IBM@IBMUS@ece.cmu.edu on 12/17/2001 11:13:00 AM > > Sent by: owner-ips@ece.cmu.edu > > > To: VAHUJA@aol.com > cc: ips@ece.cmu.edu > Subject: Re: Outboard Tunnel Mode > > > > > Installations can do what ever they want. The Security > functions are must > implement, NOT must use. > > . > . > . > John L. Hufferd > Senior Technical Staff Member (STSM) > IBM/SSG San Jose Ca > Main Office (408) 256-0403, Tie: 276-0403, eFax: (408) 904-4688 > Home Office (408) 997-6136, Cell: (408) 499-9702 > Internet address: hufferd@us.ibm.com > > > VAHUJA@aol.com@ece.cmu.edu on 12/17/2001 10:09:10 AM > > Sent by: owner-ips@ece.cmu.edu > > > To: ips@ece.cmu.edu > cc: > Subject: Outboard Tunnel Mode > > > > Folks, > > May be I missed something in SLC meeting. I can expect several > implementations of iSCSI not include any security.Reason - I > can see that > customers would often rely on the company's existing VPNs > (outboard Router > etc) to protect their data (storage or otherwise) over IP > networks. From a > CIO's viewpoint, this approach may make more sense than extending yet > another > layer of IPSec into its servers just for storage data. > > It is not clear to me from the standard if it will be a > non-compliance of > iSCSI standard. If so, we may potentially have many non-compliances. > > > > > > >
Home Last updated: Tue Dec 18 11:17:47 2001 8131 messages in chronological order |