
RE: Storage over Ethernet/IP

2000-05-26 15:40:02
At 10:14 26.05.2000 -0500, Brian.Rubarts@born.com wrote:
> True, but whether the server accesses the disks via SCSI over TCP or SCSI
> over Fibre Channel, the SERVER is still the weak link. The transport protocol doesn't create any inherent weaknesses of the type you are referring to--e-mail borne viruses, internal hackers, etc. The server would still be the attack point. Why, goodness, the server and storage devices could be in a VLAN or something to deny direct hack attempts against the storage device, but the chink in the armor is how hardened your OS is.
Did you hear the story about the MIT students who broke encryption in Netscape by replacing the page of the binary containing the crypto verification code while it was being transferred over the network (sniffing the NFS request and replying faster than the real file server)? Replacing a dedicated medium (such as a SCSI bus) with a shared medium (such as an Ethernet cable plant) always opens new chinks.

The point being made, remade and made again here is:
- Any IP technology will be used in contexts where there are security threats
- Any protocol that offers no means of countering such security threats is broken, and should not be considered for standardization.

It is perfectly possible that, after conducting a threat and modality analysis, one ends up saying that hardware-accelerated IPsec using host identities is adequate for the scenarios involving otherwise-unprotected Internet links, and that a mode with no protection is adequate when the media is physically secured.

But the analysis MUST BE DONE.

                      Harald

--
Harald Tveit Alvestrand, EDB Maxware, Norway
Harald.Alvestrand@edb.maxware.no
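The race Harald alludes to (an attacker on the shared medium sniffs a read request and answers it before the real server) and the IPsec-style countermeasure he mentions can both be shown in a small simulation. The code below is an added example, not part of the original post and not anything the thread's participants wrote. It assumes a toy block-read protocol with a random transaction id (XID) and no sender authentication, a constructed "binary" whose page 3 holds the verification routine, and a shared secret key used to tag replies with an HMAC as a stand-in for the per-host integrity protection IPsec would provide; all of those are constructed for illustration.

```python
"""Constructed simulation of a reply-race attack on an unauthenticated
block-read protocol over a shared medium, and of why a keyed integrity
tag on replies defeats it.  Example code added for illustration; the
protocol, the page contents and the key handling are all assumptions."""

import hashlib
import hmac
import os

# Constructed sample "binary": page 3 holds the crypto verification routine.
REAL_PAGES = {
    0: b"ELF-header-placeholder",
    3: b"verify_signature: check RSA signature, fail closed",
}
# What the attacker wants the client to load in place of page 3.
FORGED_PAGE = b"verify_signature: return OK unconditionally"


def make_request(page_no):
    """Client side: a request carries a random XID so replies can be matched
    to requests.  Nothing in it proves who is allowed to answer."""
    return {"xid": int.from_bytes(os.urandom(4), "big"), "page": page_no}


def tag_reply(reply, key):
    """Integrity tag over everything the client relies on (assumed format)."""
    msg = (reply["xid"].to_bytes(4, "big")
           + reply["page"].to_bytes(4, "big")
           + reply["data"])
    return hmac.new(key, msg, hashlib.sha256).digest()


def server_reply(request, key=None):
    """The real file server; tags its reply only when a key is configured."""
    reply = {"xid": request["xid"], "page": request["page"],
             "data": REAL_PAGES[request["page"]]}
    if key is not None:
        reply["tag"] = tag_reply(reply, key)
    return reply


def attacker_reply(sniffed_request):
    """Attacker on the shared medium sees the request (and its XID) in the
    clear and answers it.  Without the key it can only guess a tag."""
    return {"xid": sniffed_request["xid"], "page": sniffed_request["page"],
            "data": FORGED_PAGE, "tag": os.urandom(32)}


def client_accept(request, replies_in_arrival_order, key=None):
    """Client side.  Unprotected: the first reply with the right XID wins.
    Protected: replies whose tag does not verify are dropped and the client
    keeps waiting for the genuine one."""
    for reply in replies_in_arrival_order:
        if reply["xid"] != request["xid"]:
            continue  # stale or unrelated reply
        if key is None:
            return reply["data"]
        expected = tag_reply(reply, key)
        if hmac.compare_digest(reply.get("tag", b""), expected):
            return reply["data"]
        # tag mismatch: forged or corrupted, ignore it
    raise TimeoutError("no acceptable reply")


def fetch_page_over_shared_medium(page_no, key=None):
    """The attacker is faster than the server, so its reply arrives first."""
    request = make_request(page_no)
    arrival_order = [attacker_reply(request), server_reply(request, key)]
    return client_accept(request, arrival_order, key)


def read_unprotected():
    """No integrity protection: the forged verification page is loaded."""
    return fetch_page_over_shared_medium(3)


def read_protected():
    """Replies tagged under a key shared by client and server (assumed to be
    established from host identities, as IPsec would): the forged reply is
    rejected and the genuine page is loaded."""
    key = os.urandom(32)
    return fetch_page_over_shared_medium(3, key)


if __name__ == "__main__":
    print("unprotected client loaded:", read_unprotected())
    print("protected client loaded:  ", read_protected())
```

The model deliberately gives the attacker everything a shared medium gives it (the request contents, the XID, and a head start) and nothing else; the only thing separating the two outcomes is whether the client can tell the server's reply from anyone else's, which is exactly the property the thread says the protocol must either provide or justify not providing.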