IP Storage Spec Gets the Boot
A draft spec for how future IP storage hardware will boot up encountered an obstacle this week: Microsoft security. The document, "Bootstrapping Clients Using the iSCSI Protocol," was voted down by the Internet Engineering Steering Group's IP Storage Working Group. The vote was nine to two, with an abstention by renowned AT&T Corp. security expert Steve Bellovin. In its current form, the document discusses such security mechanisms as Dynamic Host Configuration Protocol authentication, SLPv2 and IPsec. But IP storage systems are expected to connect largely to Windows servers, and Windows Preboot Execution Environment, or PXE, is inherently insecure, one of the voters wrote, anonymously.
"PXE security is rarely enabled in practice, and this makes it possible for a rogue PXE server to reformat the hard disks of machines booting within an enterprise network," the voter commented. Boot security is "potentially one of the most lethal security vulnerabilities existing today [and] was the topic of a briefing to the National Security Council."