>>> Andy Grover <agro...@redhat.com> schrieb am 12.09.2012 um 17:30 in Nachricht
> Hi Mike and everyone,
> CHAP is a weak authentication method, and all traffic is sent
> unencrypted (unless using IPSec).
> Do people use CHAP? Or does its weakness not matter because it's just
> used to ensure the wrong initiator doesn't accidentally connect to a target?
> Does anyone use IPSec?
> In the absence of IPSec should we at least be advocating full-volume
> encryption on luns?


volume encryption may protect your data from disclosure and directed 
manipulation, but it won't protect your data from random corruption (via 
connection hijacking). 
CHAP can prevent unauthorized  connections to the iSCSI target, not more. Still 
that's much more security than authenticating by IP address. (MHO)


> Thanks -- Andy


You received this message because you are subscribed to the Google Groups 
"open-iscsi" group.
To post to this group, send email to open-iscsi@googlegroups.com.
To unsubscribe from this group, send email to 
For more options, visit this group at 

Reply via email to