Secure iSCSI storage


This article can also be found in the Premium Editorial Download "Storage magazine: Tips for lowering the cost of storage support contracts."

Download it now to read this article plus other related content.

So if iSCSI has so many security features, why do so many people ask about security? The reason is that iSCSI is much more accessible than previous storage protocols. Ethernet hardware and IP support have become ubiquitous, both inside and outside the data center. The technology uses common protocols and is supported by the majority of OSes available today. This means there are millions of people who could theoretically try their hand at breaking into an iSCSI SAN.

This accessibility is also a blessing for iSCSI. On the positive side, there's a lot more understanding and acceptance of its basic concepts vs. Fibre Channel (FC). There's also a legion of trained network engineers who have the skills to build a secure network for iSCSI to run on. Technologies like Challenge-Handshake Authentication Protocol (CHAP), Remote Authentication Dial-In User Service (RADIUS), VPN and IPsec have proven to be powerful and reliable over a decade of widespread use. This stands in contrast to the arcane security features, most of which are rarely used, offered by FC storage device vendors. "Our iSCSI SAN is definitely more secure because of our previous experience with IP and Ethernet," says Ron Braden, IT director for the Town of Vail, CO. "Building a secure IP network is second nature to us."

A secure system addresses data confidentiality, integrity and availability. Most people begin with confidentiality. But availability is equally important and probably accounts for more

Requires Free Membership to View

security breaches. A denial of service attack is much simpler to engineer than an encryption hack. Data can also be deleted, requiring time-consuming restores. Integrity is a more subtle topic. Substituting bad data for good data can go unnoticed and could lead to more serious side effects than simply losing access to a system. Problems with integrity can also lead to legal and compliance issues that are more costly than any technical problem.

This was first published in May 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: