|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: Question on iSCSI securityOn Thu, 12 Jun 2003, Williams, Jim wrote: > I am not up to speed on security and IPSec, so > there is probably a simple answer to this. I > would be curious to know what it is. > > > Scenario: > > A is an unwitting initiator, B is a malicious > target, and C is a victim target. > > A attempts to log into B using IPSec. B establishes > IPSec SA with C. B is honest to IKE about its identity. > After establishing SA, B attempts to log into C, but > lies to the iSCSI layer and claims to be A. > B uses classic man-in-the-middle technique to get > A to respond to C's login challenge. If this > works, then B has successfully logged into C > as A. > > There are a number of similar scenarios with the > common thread that the attacker is truthful about > his identity to the IPSec layer, but lies about > his identity to the iSCSI layer. > > These attacks are easily defeated if the iSCSI > layer cross checks remote end's identity with the > IPSec layer. But it is not clear how this is done > and whether it will be done or is required to > be done. > > If the IPSec layer verifies that the IP address > INSIDE the tunnel really belongs to B, and iSCSI > verifies that the IP address it sees really belongs > to A, and the data consulted for the verification > is secure, then one of these checks should fail, > but this seems like a stretch. > > But perhaps I am missing something simple. As I understand your scenario, target C will see initiator A logging in from B's IP address. There is no way that iSCSI will see the connection as coming from anywhere other than B's IP. So you can close this by limiting A's auths to only be valid from its IP addresses. Take care, Bil
Home Last updated: Thu Jun 12 17:19:24 2003 12634 messages in chronological order |