Appreciating the Security Protocol of iSCSI

To understand the benefits and power of iSCSI technology, you first need to understand how its security protocols work, both for the devices themselves and for the network as a whole. Several key elements make up the overall security protocol, and they fit together like the pieces of a completed puzzle.

Focusing on the Authentication

iSCSI targets and initiators prove their identities to one another using CHAP, a protocol whose mechanism is designed to keep any cleartext password from appearing on the wire. On its own, CHAP is exposed to a wide variety of attacks, such as dictionary and reflection attacks as well as spoofing. However, as long as the rules of the protocol are followed within iSCSI, the vast majority of these attacks can be prevented.
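The rules mentioned above can be enforced as checks on each side of the exchange. The sketch below is an added example, not code from the original article or from any iSCSI implementation: the class and function names are hypothetical, the response follows the CHAP MD5 construction from RFC 1994, and the 12-byte minimum secret length is an assumed policy value.

```python
import hashlib
import hmac
import os

MIN_SECRET_BYTES = 12  # assumed policy threshold (96 bits), not taken from the article


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): hash of identifier byte, secret, then challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapPeer:
    """One side (initiator or target) of a mutual CHAP exchange. Hypothetical class."""

    def __init__(self, own_secret: bytes, peer_secret: bytes):
        # Identical secrets in both directions are what make reflection useful.
        if hmac.compare_digest(own_secret, peer_secret):
            raise ValueError("secrets for the two directions must differ")
        # Short secrets are what make an offline dictionary attack practical.
        if min(len(own_secret), len(peer_secret)) < MIN_SECRET_BYTES:
            raise ValueError("CHAP secret shorter than policy minimum")
        self.own_secret, self.peer_secret = own_secret, peer_secret
        self.outstanding = set()  # challenges this side has issued and not yet verified

    def new_challenge(self):
        ident, challenge = os.urandom(1)[0], os.urandom(16)
        self.outstanding.add(challenge)
        return ident, challenge

    def answer(self, ident: int, challenge: bytes) -> bytes:
        # Reflection check: never answer a challenge that we issued ourselves.
        if challenge in self.outstanding:
            raise ConnectionAbortedError("peer reflected our own challenge")
        return chap_response(ident, self.own_secret, challenge)

    def verify(self, ident: int, challenge: bytes, response: bytes) -> bool:
        if challenge not in self.outstanding:
            return False  # unknown or already-used challenge (replay)
        self.outstanding.discard(challenge)
        expected = chap_response(ident, self.peer_secret, challenge)
        return hmac.compare_digest(response, expected)


def mutual_login(initiator: ChapPeer, target: ChapPeer) -> bool:
    """Run both directions; only hashes and random challenges cross the wire."""
    i1, c1 = target.new_challenge()
    i2, c2 = initiator.new_challenge()
    return (target.verify(i1, c1, initiator.answer(i1, c1))
            and initiator.verify(i2, c2, target.answer(i2, c2)))
```
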

Understanding the Principle of Logical Network Isolation

Most IT administrators and specialists run iSCSI only over backchannel networks that are logically isolated. In this type of deployment architecture, the only elements directly exposed to the internal general-purpose network are the storage arrays' management ports.

The iSCSI protocol runs either over dedicated network segments or over virtual Local Area Networks (VLANs). Because a compromised host with an iSCSI disk is capable of attacking the storage resources used by other hosts, this type of isolation can easily create a transitive trust problem that is rather difficult to resolve.

How Does Physical Network Isolation Work?

Even though iSCSI can be isolated logically from the general network exclusively through the use of virtual LANs, this is still not…
