06-09-2011, 02:50 PM
"Cal Leeming [Simplicity Media Ltd]"

iSCSI + LUKS over insecure network

This might be a good time to get your hands dirty
A combination of dd / wireshark / tcpdump should reveal the answers you need!
2011/6/9 Γιώργος Πάλλας <gpall@ccf.auth.gr>

A tough one (for me)!

I use iSCSI (with CHAP authentication) to get a remote device over an
insecure network, then I unlock the LUKS volume and finally I mount the
ext4 FS.
How (in)secure is that?

Data I miss:
1. CHAP encrypts the iSCSI authentication password, but the actual iSCSI
data go over the link unencrypted obviously, yes?
2. When I unlock the LUKS volume using a key file, this key file is
transmitted over the link, or not?
3. The actual ext4 data go over the link encrypted or not?

My pretty educated guesses are:
2. it does not get transmitted,
3. the data is transmitted encrypted
1. yes, but we don't care because of 2. and 3.

any idea how things really are?

thanks!
G. Pallas
 
06-09-2011, 03:16 PM
shawn wilson

iSCSI + LUKS over insecure network

is this a linux iscsi lun? if not and you've paid good money for a
san, you've probably paid good money for their support. if not, call
their sales and tell them that you'd like to look into the type of
data encryption you can get for your iscsi lun, they'll get an
engineer on it, and then you buy it or not

2011/6/9 Cal Leeming [Simplicity Media Ltd]
<cal.leeming@simplicitymedialtd.co.uk>:
> This might be a good time to get your hands dirty
> A combination of dd / wireshark / tcpdump should reveal the answers you
> need!

i have never looked at iscsi traffic. however, since iscsi uses scsi
commands, i don't think you're going to like it / it's going to help
much.

> 2011/6/9 Γιώργος Πάλλας <gpall@ccf.auth.gr>
>>
>> A tough one (for me)!
>>
>> I use iSCSI (with CHAP authentication) to get a remote device over an
>> insecure network, then I unlock the LUKS volume and finally I mount the
>> ext4 FS.
>> How (in)secure is that?
>>
>> Data I miss:
>> 1. CHAP encrypts the iSCSI authentication password, but the actual iSCSI
>> data go over the link unencrypted obviously, yes?

chap is pretty secure - it is used by radius, vpn, pppoe, etc.

>> 2. When I unlock the LUKS volume using a key file, this key file is
>> transmitted over the link, or not?

maybe. i don't think there's a handshake and proper key exchange here.
i'd look up the rfc if i were you and see - that shouldn't be too hard
to figure out.

>> 3. The actual ext4 data go over the link encrypted or not?

it should be encrypted after this point.

>>
>> My pretty educated guesses are:
>> 2. it does not get transmitted,
>> 3. the data is transmitted encrypted
>> 1. yes, but we don't care because of 2. and 3.
>>
>> any idea how things really are?
>>
>> thanks!
>> G. Pallas
>>
>>
>
>


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/BANLkTi=xBMoD3_DEmYUzTxrVLfCmkhVEAw@mail.gmail.com
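
One way to run the dd / tcpdump check suggested in the first reply, as an added example that is not part of either post: write a known marker to the mounted filesystem, capture TCP port 3260 with tcpdump, then test whether the marker shows up in the iSCSI payloads. The function names, the marker and the sample packets are constructed for illustration, and random bytes stand in for ciphertext.

```python
import math, os, struct
from collections import Counter

ISCSI_PORT = 3260                        # IANA-registered iSCSI target port
MARKER = b"CANARY-6f1d-plaintext-test"   # constructed; in a real test, written via dd

def iscsi_payloads(pcap: bytes):
    """Yield TCP payloads to/from port 3260 (classic little-endian pcap, Ethernet/IPv4)."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24                                         # skip the global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                 # not IPv4 carrying TCP
        tcp = 14 + (frame[14] & 0x0F) * 4            # Ethernet header + IP header length
        sport, dport = struct.unpack_from("!HH", frame, tcp)
        if ISCSI_PORT in (sport, dport):
            doff = (frame[tcp + 12] >> 4) * 4        # TCP header length
            ip_end = 14 + struct.unpack_from("!H", frame, 16)[0]
            yield frame[tcp + doff: ip_end]

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; close to 8.0 for ciphertext or compressed data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def analyse(pcap: bytes, marker: bytes):
    """Return (marker seen in cleartext, entropy of all iSCSI payload bytes)."""
    blob = b"".join(iscsi_payloads(pcap))            # packets taken in capture order
    return marker in blob, round(entropy(blob), 2)

def sample_pcap(payload: bytes) -> bytes:
    """Constructed one-packet capture: initiator -> target:3260 carrying payload."""
    tcp = struct.pack("!HHIIBBHHH", 40000, ISCSI_PORT, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp + payload
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

if __name__ == "__main__":
    print("marker sent in the clear:", analyse(sample_pcap(MARKER * 64), MARKER))
    print("random stand-in payload :", analyse(sample_pcap(os.urandom(4096)), MARKER))
```

The marker search is the decisive result; high entropy alone is only a hint, since compressed data also scores close to 8 bits per byte.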