is this a linux iscsi lun? if not and you've paid good money for a
san, you've probably paid good money for their support. if not, call
their sales and tell them that you'd like to look into the type of
data encryption you can get for your iscsi lun, they'll get an
engineer on it, and then you buy it or not
2011/6/9 Cal Leeming [Simplicity Media Ltd]
> This might be a good time to get your hands dirty
> A combination of dd / wireshark / tcpdump should┬*revile┬*the answers you
i have never looked iscsi traffic. however, since iscsi uses scsi
commands, i don't think you're going to like it / it's going to help
> 2011/6/9 ╬ô╬╣¤Ä¤ü╬│╬┐¤é ╬*╬Č╬╗╬╗╬▒¤é <email@example.com>
>> A tough one (for me)!
>> I use iSCSI (with CHAP authentication) to get a remote device over an
>> insecure network, then I unlock the LUKS volume and finally I mount the
>> ext4 FS.
>> How (in)secure is that?
>> Data I miss:
>> 1. CHAP encrypts the iSCSI authentication password, but the actual iSCSI
>> data go over the link unencrypted obviously, yes?
chap is pretty secure - it is used by radius, vpn, pppoe, etc.
>> 2. When I unlock the LUKS volume using a key file, this key file is
>> transmitted over the link, or not?
maybe. i don't think there's a handshake and proper key exchange here.
i'd look up the rfc if i were you and see - that shouldn't be too hard
to figure out.
>> 3. The actual ext4 data go over the link encrypted or not?
it should be encrypted after this point.
>> My pretty educated guesses are:
>> 2. it does not get transmitted,
>> 3. the data data is transmitted encrypted
>> 1. yes, but we don't care because of 2. and 3.
>> any idea how things really are?
>> G. Pallas
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org
Archive: BANLkTi=xBMoD3_DEmYUzTxrVLfCmkhVEAw@mail.gmail.com ">http://lists.debian.org/BANLkTi=xBMoD3_DEmYUzTxrVLfCmkhVEAw@mail.gmail.com