Confidentiality and integrity

For the most part, iSCSI operates as a cleartext protocol that provides no cryptographic protection for data in motion during SCSI transactions. As a result, an attacker who can listen in on iSCSI Ethernet traffic can:

Reconstruct and copy the files and filesystems being transferred on the wire;

Alter the contents of files by injecting fake iSCSI frames;

Corrupt filesystems being accessed by initiators, exposing servers to software flaws in poorly-tested filesystem code.

These problems do not occur only with iSCSI, but rather apply to any IP-based SAN protocol without cryptographic security. Adoption and deployment of IPsec, frequently cited as a solution to the IP SAN security problem, has been hampered by performance and compatibility issues.[citation needed]

July 26, 2011

Continue

Featured