" ... For the most part, iSCSI is a cleartext protocol that provides no cryptographic protection for data in motion during SCSI transactions. As a result, an attacker who can listen in on iSCSI Ethernet traffic can:
* Reconstruct and copy the files and filesystems being transferred on the wire
* Alter the contents of files by injecting fake iSCSI frames
* Corrupt filesystems being accessed by initiators, exposing servers to software flaws in poorly-tested filesystem code.
These problems are not unique to iSCSI, but rather apply to any IP-based SAN protocol without cryptographic security. Though IPSec is frequently cited as a solution to the IP SAN security problem, performance and compatibility concerns retard its deployment ...