is this a linux iscsi lun? if not and you've paid good money for a san, you've probably paid good money for their support. if not, call their sales and tell them that you'd like to look into the type of data encryption you can get for your iscsi lun, they'll get an engineer on it, and then you buy it or not :)
2011/6/9 Cal Leeming [Simplicity Media Ltd] <cal.leem...@simplicitymedialtd.co.uk>: > This might be a good time to get your hands dirty :) > A combination of dd / wireshark / tcpdump should revile the answers you > need! i have never looked iscsi traffic. however, since iscsi uses scsi commands, i don't think you're going to like it / it's going to help much. > 2011/6/9 Γιώργος Πάλλας <gp...@ccf.auth.gr> >> >> A tough one (for me)! >> >> I use iSCSI (with CHAP authentication) to get a remote device over an >> insecure network, then I unlock the LUKS volume and finally I mount the >> ext4 FS. >> How (in)secure is that? >> >> Data I miss: >> 1. CHAP encrypts the iSCSI authentication password, but the actual iSCSI >> data go over the link unencrypted obviously, yes? chap is pretty secure - it is used by radius, vpn, pppoe, etc. >> 2. When I unlock the LUKS volume using a key file, this key file is >> transmitted over the link, or not? maybe. i don't think there's a handshake and proper key exchange here. i'd look up the rfc if i were you and see - that shouldn't be too hard to figure out. >> 3. The actual ext4 data go over the link encrypted or not? it should be encrypted after this point. >> >> My pretty educated guesses are: >> 2. it does not get transmitted, >> 3. the data data is transmitted encrypted >> 1. yes, but we don't care because of 2. and 3. >> >> any idea how things really are? >> >> thanks! >> G. Pallas >> >> > > -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/BANLkTi=xbmod3_demyuztxrvlfcmkhv...@mail.gmail.com
