RE: Security Considerations

To: "'David Robinson'" <David.Robinson@EBay.Sun.COM>, Jim McGrath <Jim.McGrath@quantum.com>
Subject: RE: Security Considerations
From: "VonStamwitz, Paul" <paulv@corp.adaptec.com>
Date: Fri, 7 Jul 2000 17:15:37 -0700
Cc: ips@ece.cmu.edu
Content-Type: text/plain;charset="iso-8859-1"
Sender: owner-ips@ece.cmu.edu

Jim McGrath wrote:
> 
> My impression (which I admit could be quite mistaken) is that we may be on
a
> path of requiring a higher level of security for iSCSI than is warranted
by
> alternative protocols.  Of course, enhancing security has its value, but
> since SCSI starts off with essentially no security, iSCSI is a poor
protocol
> upon which to require lots of security.
>

I've quoted below portions of section 5 of "Guidelines for Writing RFC Text
on Security
Considerations". My email is was intended as a start to the "due diligence"
process.

   While it is not a requirement that any given protocol or system be
   immune to all forms of attack, it is still necessary for authors to
   consider them. Part of the purpose of the Security Considerations
   section is to explain what attacks are out of scope and what counter-
   measures can be applied to defend against them.

   There should be a clear description of the kinds of threats on the
   described protocol or technology.  This should be approached as an
   effort to perform "due diligence" in describing all known or foresee-
   able risks and threats to potential implementers and users.

   At least the following forms of attack MUST be considered: eavesdrop-
   ping, replay, message insertion, deletion, modification, and man-in-
   the-middle. Potential denial of service attacks MUST be identified as
   well.

David Robinson wrote:
> The benchmark that iSCSI will have to meet is what is being done
> in the NFSv4 WG.  Using the ONCRPC WG mechanisms based on GSSAPI
> and RPCSEC_GSS they provide authentication, integrity, and privacy
> using one of two manditory to implement mechanisms, Kerberos V5
> and LIPKEY.
> 
> I suspect that if iSCSI doesn't address security to provide similar
> capabilities it will not pass muster. Of course the security should
> always be able to be negotiated to the desired levels.

I agree on the pass muster comment. I also agree on the negotiating of
security level. Hence, the 3 layer model of no security, connection-oriented
authentication on logins (thanks to Brent on the distinction), and
encryption. Luciano Dalle Oro pointed out that IPsec provides excellent data
integrity in addition to security.

Paul

Prev by Date: noop and ping
Next by Date: Administrivia
Prev by thread: RE: Security Considerations
Next by thread: RE: Security Considerations
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:08:09 2001
6315 messages in chronological order