Book Image

Hyper-V Security

By : Eric Siron, Andrew Syrewicze
Book Image

Hyper-V Security

By: Eric Siron, Andrew Syrewicze

Overview of this book

Table of Contents (15 chapters)
Hyper-V Security
About the Authors
About the Reviewers

Securing iSCSI connections

Naturally, iSCSI travels across the network. In their natural form, the packets are easy to decode. If they're intercepted, an attacker will have no problem in extracting their contents. Unless steps are taken, an attacker can also pretend to be a host with legitimate access to the iSCSI target, and read its contents that way. There are a few ways to protect them.

Physical and logical isolation

The best way to protect iSCSI traffic is to put it on physical network hardware that has nothing in common with anything else. With that precaution taken, there's usually nothing else necessary to lock down iSCSI communications. This has an additional benefit of lowering the amount of network traffic that iSCSI traffic needs to contend with. Due to the way that switching works, this is usually insignificant unless there are many hops.

The following diagram shows one architectural option to isolate iSCSI:

Another option is to use logical isolation. You can employ a common switching...