If you're using iSCSI in a cloud environment, what must come from an external protocol or application?
If you're using iSCSI in a cloud environment, what must come from an external protocol or application?
iSCSI does not natively support encryption, meaning that encryption must come from an external protocol or application such as IPsec to secure the communications between iSCSI endpoints.
D. Encryption
Data Encryption: the data exchanged between the iSCSI initiator and iSCSI target is not encrypted, which is why an attacker who is able to sniff the data of the wire will also be able to reconstruct the data, or more precisely, the files and directories transferred between the two parties. Additionally, an attacker might also be able to inject his own data into the traffic, thus creating/modifying/deleting arbitrary files on the iSCSI target. To mitigate the risk, the IPsec ought to be used to properly encrypt the communication between the iSCSI endpoints. https://resources.infosecinstitute.com/topics/cloud/iscsi-security-considerations-cloud/
B. Use CHAP (Challenge Handshake Authentication Protocol) to ensure each host has its own password.