>>> Andy Grover <agro...@redhat.com> schrieb am 12.09.2012 um 17:30 in Nachricht <5050aa78.9090...@redhat.com>: > Hi Mike and everyone, > > CHAP is a weak authentication method, and all traffic is sent > unencrypted (unless using IPSec). > > Do people use CHAP? Or does its weakness not matter because it's just > used to ensure the wrong initiator doesn't accidentally connect to a target? > > Does anyone use IPSec? > > In the absence of IPSec should we at least be advocating full-volume > encryption on luns?
Hi! volume encryption may protect your data from disclosure and directed manipulation, but it won't protect your data from random corruption (via connection hijacking). CHAP can prevent unauthorized connections to the iSCSI target, not more. Still that's much more security than authenticating by IP address. (MHO) Regards, Ulrich > > Thanks -- Andy -- You received this message because you are subscribed to the Google Groups "open-iscsi" group. To post to this group, send email to firstname.lastname@example.org. To unsubscribe from this group, send email to open-iscsi+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/open-iscsi?hl=en.