Storage Basics: Securing iSCSI Using IPSec, Part 2 Page 5 - EnterpriseStorageForum.com

Storage Basics: Securing iSCSI Using IPSec, Part 2 Page 5

Continued from Page 4

Secure Server (Require Security)

When enabled, the Secure Server (Require Security) option offers the greatest level of security. The Secure Server policy secures all network traffic to or from the computer on which the IPSec policy is applied. This policy will reject all packets from non-aware IPSec clients. This policy has a rule to require security for all IP traffic, but notice that the rule allows ICMP traffic, and the default response rule is similar to the other predefined policies.

Rule 1:

IP Filter List: All IP Traffic
Filter Action: Require Security
Authentication: N/A
Tunnel Setting: None
Connection Type: All
Rule 2:

IP Filter List: All ICMP Traffic
Filter Action: Permit
Authentication: Kerberos
Tunnel Setting: None
Connection Type: All
Rule 3 (same default rule as the Client option):

IP Filter List: <Dynamic>
Filter Action: Default Response
Authentication: Kerberos
Tunnel Setting: None
Connection Type: All
Conclusions

By examining the various rules in these predefined Server 2003 policies, we now have a better idea of what is needed to design security policies to meet the needs of an organization. Using rules to create policies allows for flexibility in a security design, making it possible for administrators to assign the right level of security required for IP data transmissions.

» See All Articles by Columnist Mike Harwood


Page 5 of 5

Previous Page
1 2 3 4 5
 

Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 

Storage Daily
Don't miss an article. Subscribe to our newsletter below.

Thanks for your registration, follow us on our social networks to keep up-to-date