Slide 1: Securing iSCSI for Data Backup and Disaster Recovery
James W. Hughes, CS526, 5/03/05

Slide 2: Overview
Introduction / Motivation
Brief Overview of iSCSI
Strategies for Securing iSCSI
Conclusion
References

Slide 3: Introduction / Motivation
Learn About A New Technology
Attempt To Pass It On
Brief Backup and Disaster Recovery Scenario

Slide 4: Brief Overview of iSCSI
iSCSI Protocol
Protocol Data Units
Encapsulation of iSCSI PDU

Slide 8: Strategies for Securing iSCSI
Access Control Lists (ACLs)
Strong Authentication Schemes
Secure Management Interfaces
Encrypt Exposed Network Traffic
Encrypt Data at Rest

Slide 14: Conclusion
iSCSI is an Alternative to Fibre Channel
Overview of iSCSI Protocol
Strategies for Securing iSCSI

Slide 15: Questions

Slide 16: References
Hewlett Packard (2005). iSCSI Overview. PowerPoint presentation.
Foskett, S. (07 Apr 2005). Five ways to secure iSCSI. i ,00.html
Harwood, M. (27 Jan 2004). Storage Basics: Securing iSCSI using IPSec. s/article.php/11567_ _1
Network Sorcery (n.d.). CHAP, Challenge Handshake Authentication Protocol.

Slide 9: Access Control Lists (ACLs)
Implementations:
  –IP Address
  –Initiator Name
  –MAC Address
Provides a means of dividing storage resources among clients.
Not a strong security method.

Slide 10: Strong Authentication Schemes
Challenge Handshake Authentication Protocol (CHAP)
  –Two-way Authentication
  –Protects against Playback (replay) Attacks
Remote Authentication Dial-In User Service (RADIUS)
Drawbacks:
  –Passwords must be stored on both sides
  –RADIUS service can be difficult to configure
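The two CHAP properties on this slide, two-way authentication and resistance to playback, are easy to see in code. The example below is added here and is not part of the presentation; it implements RFC 1994 CHAP with MD5 (the CHAP_A=5 algorithm iSCSI negotiates during login) and models an initiator and a target as two ChapPeer objects. The class and function names, the IQN-style peer names and the secrets are all constructed for the example. Note that each peer stores plaintext secrets for itself and for its counterpart, which is exactly the "passwords must be stored on both sides" drawback the slide lists.

```python
import hashlib
import hmac
import secrets


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP/MD5 response: MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapPeer:
    """One side of an iSCSI login (initiator or target).

    own_secret proves this peer's identity; peer_secrets (name -> secret) lets it
    verify the other side. Both sides therefore hold plaintext secrets: the
    'stored on both sides' drawback from the slide.
    """

    def __init__(self, name: str, own_secret: bytes, peer_secrets: dict):
        self.name = name
        self.own_secret = own_secret
        self.peer_secrets = peer_secrets
        self._outstanding = {}   # identifier -> challenge issued, not yet verified
        self._next_id = 0

    def issue_challenge(self, size: int = 16):
        """Return a new (identifier, random challenge) pair and remember it."""
        ident = self._next_id
        self._next_id = (self._next_id + 1) % 256
        self._outstanding[ident] = secrets.token_bytes(size)   # fresh every time
        return ident, self._outstanding[ident]

    def answer(self, ident: int, challenge: bytes) -> bytes:
        """Answer a challenge from the other side with our own secret."""
        return chap_response(ident, self.own_secret, challenge)

    def verify(self, peer_name: str, ident: int, response: bytes) -> bool:
        """Check a response against the challenge we issued under `ident`.

        The challenge is consumed on first use, so a response can only be
        accepted once, and only for the challenge it was computed over.
        """
        challenge = self._outstanding.pop(ident, None)
        secret = self.peer_secrets.get(peer_name)
        if challenge is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(ident, secret, challenge), response)


def mutual_login(initiator: ChapPeer, target: ChapPeer):
    """Two-way CHAP as in iSCSI login: target checks initiator, then the reverse."""
    t_id, t_chal = target.issue_challenge()
    initiator_ok = target.verify(initiator.name, t_id, initiator.answer(t_id, t_chal))
    i_id, i_chal = initiator.issue_challenge()
    target_ok = initiator.verify(target.name, i_id, target.answer(i_id, i_chal))
    return initiator_ok, target_ok


def replay_captured_response(initiator: ChapPeer, target: ChapPeer):
    """Why playback fails: a response observed during one login is accepted once,
    cannot be resubmitted for the same challenge, and is wrong for the next one."""
    ident, chal = target.issue_challenge()
    captured = initiator.answer(ident, chal)
    first = target.verify(initiator.name, ident, captured)            # genuine login
    resubmit_same = target.verify(initiator.name, ident, captured)    # challenge consumed
    new_id, _new_chal = target.issue_challenge()
    against_new = target.verify(initiator.name, new_id, captured)     # different challenge
    return first, resubmit_same, against_new   # expected (True, False, False)


if __name__ == "__main__":
    # Constructed secrets; in a deployment they come from the target/initiator config.
    init = ChapPeer("iqn.2005-05.example:initiator", b"init-secret",
                    {"iqn.2005-05.example:target": b"target-secret"})
    tgt = ChapPeer("iqn.2005-05.example:target", b"target-secret",
                   {"iqn.2005-05.example:initiator": b"init-secret"})
    print("mutual login:", mutual_login(init, tgt))
    print("replayed response accepted (first, resubmit, new challenge):",
          replay_captured_response(init, tgt))
```

The replay protection comes entirely from the challenge being random and single-use; the MD5 digest itself adds nothing against an observer who already holds the secret, which is why the secrets on both sides must be protected as carefully as the storage they gate.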

Slide 11: Secure Management Interfaces
Lesson Learned From Fibre Channel
  –Limit Usage
  –Enforce Strong Passwords
  –Verify Vendor Accounts Removed or Disabled

Slide 12: Encrypt Exposed Network Traffic
IP security (IPsec)
Authentication Headers (AH)
  –Authentication: Kerberos v5, Public Key Certificates (PKIs), and Preshared keys
  –Integrity: Message Digest 5 (MD5) and Secure Hash Algorithm 1 (SHA1)
Encapsulating Security Payloads (ESP)
  –Data Encryption Standard (40-bit)
  –Data Encryption Standard (56-bit)
  –Triple DES (3DES) (168-bit)

Slide 13: Encrypt Data at Rest
Full Disk Encryption
Security Appliances
Backup Tape Encryption

Slide 5: iSCSI Protocol
A transport protocol for SCSI that operates over TCP/IP
Figure: protocol stack. Host, SCSI command set, then one of three transports: Parallel Bus; iSCSI over TCP over IP over Ethernet; FCP over Fibre Channel.

Slide 6: Protocol Data Units
Consist of SCSI commands, data, and responses for TCP handling
Figure: Protocol Data Unit (PDU) = iSCSI Header followed by iSCSI Data.

Slide 7: Encapsulation of iSCSI PDU
Figure: Ethernet frame layout
  dest MAC (6 bytes) | src MAC (6 bytes) | Ether type (2 bytes) | data (46 to 1500 bytes) | FCS (CRC) (4 bytes)
  The data field carries the IP header, then the TCP header, then the iSCSI PDU.
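To make the layering on slides 6 and 7 concrete, here is a small dissector, added as an example and not taken from the presentation, that walks a raw Ethernet frame down to the iSCSI PDU: the 6/6/2-byte Ethernet header and 4-byte FCS from the figure, then IPv4, then TCP, then the 48-byte iSCSI Basic Header Segment. The BHS field offsets (opcode, TotalAHSLength, DataSegmentLength, LUN, Initiator Task Tag) follow RFC 3720; the sample frame is constructed by build_sample_frame() with made-up addresses, the well-known iSCSI port 3260, a zero IP/TCP checksum that is not validated here, and an FCS computed as CRC-32 in the same form zlib uses. All function names are the example's own. Seeing how trivially the PDU and its data segment fall out of a captured frame is the point behind the "Encrypt Exposed Network Traffic" strategy.

```python
import binascii
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
ISCSI_PORT = 3260        # well-known iSCSI target port
BHS_LEN = 48             # iSCSI Basic Header Segment length (RFC 3720)


def ethernet_fcs(header_and_payload: bytes) -> bytes:
    """Ethernet FCS: CRC-32 (same parameters as zlib's), sent least significant byte first."""
    return struct.pack("<I", binascii.crc32(header_and_payload) & 0xFFFFFFFF)


def parse_ethernet(frame: bytes) -> dict:
    """Split dest MAC (6) | src MAC (6) | Ether type (2) | data (46..1500) | FCS (4)."""
    if len(frame) < 14 + 46 + 4:
        raise ValueError("frame shorter than the 64-byte Ethernet minimum")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    return {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "ethertype": ethertype, "payload": frame[14:-4],
            "fcs_ok": frame[-4:] == ethernet_fcs(frame[:-4])}


def parse_ipv4(packet: bytes) -> dict:
    """Minimal IPv4 header parse; the header checksum is not verified here."""
    version_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum = struct.unpack("!BBHHHBBH", packet[:12])
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (version_ihl & 0x0F) * 4
    return {"proto": proto, "src": ".".join(map(str, packet[12:16])),
            "dst": ".".join(map(str, packet[16:20])), "payload": packet[ihl:total_len]}


def parse_tcp(segment: bytes) -> dict:
    """Ports, sequence number and the payload that starts after the data offset."""
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    data_off = (off_flags >> 12) * 4
    return {"sport": sport, "dport": dport, "seq": seq, "payload": segment[data_off:]}


def parse_iscsi_pdu(stream: bytes) -> dict:
    """Decode the BHS and slice out the data segment: PDU = iSCSI Header + iSCSI Data."""
    if len(stream) < BHS_LEN:
        raise ValueError("truncated iSCSI Basic Header Segment")
    bhs = stream[:BHS_LEN]
    ahs_len = bhs[4] * 4                           # TotalAHSLength, in 4-byte words
    data_len = int.from_bytes(bhs[5:8], "big")     # DataSegmentLength, 24 bits
    start = BHS_LEN + ahs_len
    if len(stream) < start + data_len:
        raise ValueError("truncated iSCSI data segment")
    return {"immediate": bool(bhs[0] & 0x40), "opcode": bhs[0] & 0x3F,
            "flags": bhs[1], "ahs_len": ahs_len, "data_len": data_len,
            "lun": bhs[8:16].hex(), "itt": struct.unpack("!I", bhs[16:20])[0],
            "data": stream[start:start + data_len]}


def dissect(frame: bytes) -> dict:
    """Ethernet -> IPv4 -> TCP -> iSCSI PDU, as on slide 7."""
    eth = parse_ethernet(frame)
    if eth["ethertype"] != ETHERTYPE_IPV4:
        raise ValueError("only IPv4 frames are handled")
    ip = parse_ipv4(eth["payload"])
    if ip["proto"] != IPPROTO_TCP:
        raise ValueError("iSCSI runs over TCP")
    tcp = parse_tcp(ip["payload"])
    pdu = parse_iscsi_pdu(tcp["payload"]) if ISCSI_PORT in (tcp["sport"], tcp["dport"]) else None
    return {"eth": eth, "ip": ip, "tcp": tcp, "iscsi": pdu}


def build_sample_frame() -> bytes:
    """Constructed frame: one SCSI Command PDU with a 12-byte data segment."""
    data = b"constructed!"
    bhs = bytearray(BHS_LEN)
    bhs[0] = 0x01                                   # opcode: SCSI Command
    bhs[1] = 0xA1                                   # F=1, W=1, task attribute SIMPLE
    bhs[5:8] = len(data).to_bytes(3, "big")         # DataSegmentLength
    bhs[16:20] = struct.pack("!I", 1)               # Initiator Task Tag
    bhs[20:24] = struct.pack("!I", len(data))       # Expected Data Transfer Length
    bhs[32] = 0x2A                                  # CDB[0] = WRITE(10), constructed
    tcp = struct.pack("!HHIIHHHH", 49152, ISCSI_PORT, 1000, 2000,
                      (5 << 12) | 0x18, 65535, 0, 0) + bytes(bhs) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64,
                     IPPROTO_TCP, 0, bytes([10, 0, 0, 10]), bytes([10, 0, 0, 20])) + tcp
    body = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") \
        + struct.pack("!H", ETHERTYPE_IPV4) + ip
    return body + ethernet_fcs(body)


if __name__ == "__main__":
    result = dissect(build_sample_frame())
    print("FCS ok:", result["eth"]["fcs_ok"], "| TCP dport:", result["tcp"]["dport"])
    print("iSCSI opcode 0x%02x, ITT %d, data %r" % (
        result["iscsi"]["opcode"], result["iscsi"]["itt"], result["iscsi"]["data"]))
```

The FCS only detects transmission errors; it is not a security control, and nothing in this path authenticates or hides the SCSI command or its data, which is what AH and ESP on slide 12 add.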

Slide 17: Scenario