by Cindy Waxer

How to Secure an iSCSI SAN

Aug 01, 20061 min
IT Strategy

For all its promises of user-friendliness and low-cost storage, a storage area network based on Internet Small Computer System Interface (iSCSI) can present some daunting security risks to today’s mid-market companies. After all, iSCSI is essentially a combination of two protocols—TCP/IP and SCSI—neither of which possesses built-in security features. Vendors have taken steps to deliver CIOs greater peace of mind by introducing password authorization provisions and optional protection mechanisms such as IPSec that act as a network layer, promising the safe transmission of data over unprotected networks (such as the Internet). But when it comes to guaranteed safety, Gartner analyst Robert Passmore says, “The answer is isolation.”

By unplugging an iSCSI-based SAN’s Internet cable, a company can isolate iSCSI traffic on a separate network and prevent unauthorized users from accessing sensitive information. After all, says Passmore, “There’s no fundamental reason to connect iSCSI to a public network.”