Are there any safeguards to prevent rogue access to an iSCSI Cluster Shared Volume?
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
There are several things you can do to prevent rogue access to an iSCSI Cluster Shared Volume. The first thing you should do is to make sure that security is enabled for the target. If you are setting up a Windows Server-based iSCSI target, Microsoft gives you two choices of security: CHAP or Reverse CHAP. Microsoft recommends that you use CHAP security.
You can also specify the names of the iSCSI initiators that are allowed to connect to the iSCSI target. However, it is a good idea to get a little bit creative with the initiator IDs.
On Windows Servers, the initiators follow a very predictable naming convention that is based on the server's fully qualified domain name. Suppose, for instance, that you were to launch the iSCSI initiator on a Windows server named DC1.lab.com. The Initiator's name would be iqn.1999-05.com.microsoft:dc1.lab.com. By modifying the initiator name, you can make it less predictable. This goes a long way toward preventing someone from spoofing an initiator name in an effort to gain access to your iSCSI target.
Another thing you can do to help secure an iSCSI Cluster Shared Volume is to enable IPsec tunneling. IPsec tunneling won't prevent rogue connections to the iSCSI target, but it will ensure the privacy of the data that is being sent to or from the target.
One of the most important steps you can take to secure iSCSI targets is to practice good security on the target volume. In other words, don't allow open-ended security. Use NTFS permissions to control access to the resources inside the target. The idea is to practice defense in-depth and to make sure that no data is exposed even if someone does manage to establish a connection to the iSCSI target.
Dig Deeper on SAN technology and arrays
Related Q&A from Brien Posey
Expect data protection technologies to veer toward an expansion of recovery capabilities, as organizations need to be able to recover in multiple ...continue reading
Health IT expert Brien Posey offers some examples of multifactor authentication as a way for hospitals to further safeguard access to protected ...continue reading
IT can take a few steps to make the move to Windows 10 easier on users, including considering an in-place upgrade and holding off on any other major ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.