PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
July 2003

IPSec best practices to secure IP-based storage systems

IP-based storage compounds the flexibility, scalability -- and, to some extent, the risk -- of distributed SANs. High-speed Ethernet (10 Gbps is now available, albeit very expensive) is widely deployed to meet the high bandwidth requirements of IP storage traffic. Thanks to a spate of new protocols, enterprises can create IP SANs in all-Ethernet or mixed Ethernet/Fiber Channel environments. However, IP storage traffic is vulnerable to the same security risks as traditional IP networks -- data theft/modification, peer modification, denial of service, etc. Although it's not mandated in the iSCSI standard, IPSec should be implemented to secure IP storage traffic. But encryption degrades performance. While this may be acceptable for a VPN supporting less-demanding IP traffic, it won't meet the performance requirements of IP storage. This is being addressed by high-end processors embedded in the new class of iSCSI-compliant products. QLogic, for example, is marketing a series of chips for iSCSI/IPSec acceleration, as well as iSCSI ...

Access this PRO+ Content for Free!

Features in this issue

Columns in this issue