Book Image

Hyper-V Security

By : Eric Siron, Andy Syrewicze
Book Image

Hyper-V Security

By: Eric Siron, Andy Syrewicze

Overview of this book

Hyper-V Security is intended for administrators with a solid working knowledge of Hyper-V Server, Windows Server, and Active Directory. An administrator with a functional environment will be able to use the knowledge and examples present in this book to enhance security.
Table of Contents (10 chapters)
9
Index

Securing iSCSI connections


Naturally, iSCSI travels across the network. In their natural form, the packets are easy to decode. If they're intercepted, an attacker will have no problem in extracting their contents. Unless steps are taken, an attacker can also pretend to be a host with legitimate access to the iSCSI target, and read its contents that way. There are a few ways to protect them.

Physical and logical isolation

The best way to protect iSCSI traffic is to put it on physical network hardware that has nothing in common with anything else. With that precaution taken, there's usually nothing else necessary to lock down iSCSI communications. This has an additional benefit of lowering the amount of network traffic that iSCSI traffic needs to contend with. Due to the way that switching works, this is usually insignificant unless there are many hops.

The following diagram shows one architectural option to isolate iSCSI:

Another option is to use logical isolation. You can employ a common switching...