
Archive for February, 2010

27
Feb

Troubleshooting LANs




Local area networks (LAN) are integral to the operation of many businesses today. The most common LANs use Ethernet, a data link layer protocol, and Internet Protocol (IP), a network layer protocol.

A LAN is comprised of many elements: printers, monitors, PCs, IP phones, servers, storage hardware, networking equipment, security software, network applications, enterprise applications, office productivity applications, and more. Devices on the network are linked physically by twisted pair copper, fiber or wireless access points.

Troubleshooting LANs is typically the job for the frontline network support staff – engineers and technicians. Common problems include user connection issues and slow networks.

LAN problems frequently stem from one of these three sources:

1. Physical layer: copper, fiber or wireless

Possible causes:

  • Damaged or dirty cabling or terminations
  • Excessive signal attenuation
  • Insufficient cable bandwidth
  • Wireless interference

2. Network Layer: Ethernet and IP

Possible causes:

  • Damaged networking devices
  • Incorrect or sub-optimal device configurations
  • Authentication and association issues
  • Insufficient network bandwidth

3. Switches and VLANs

Possible causes:

  • Excessive utilization
  • Too many errors
  • Incorrectly assigned VLAN membership
  • Traffic priority (CoS/QoS) issues

Best practices for successful LAN troubleshooting include these steps:

1. Identify the exact issue or problem: Have the person who reported the problem explain how normal operation appears, and then demonstrate the perceived problem.

2. Recreate the problem if possible: Ask yourself if you understand the symptoms, and verify the reported problem yourself if possible.

3. Localize and isolate the cause: Attempt to isolate the problem to a single device, connection, or software application.

4. Formulate a plan for solving the problem: Research and/or consider the possible solutions to the problem. Consider the possibility that some solutions to the problem at hand may introduce other problems.

5. Implement the plan: Your actual solution to the problem may be replacing hardware, implementing a software patch, reinstalling the application or component or cleaning a virus infected file. If the problem is the user account, the user’s security settings or logon scripts may need to be adjusted.

6. Test to verify that the problem has been resolved: After you have implemented the solution, ensure that the entire problem has been resolved by having the user test for the problem again.

7. Document the problem and solution: Documentation can be used for future reference to help you troubleshoot the same or similar problem. You can also use the documentation to prepare reports on common network problems for management and/or users, or to train new network users or members of the network support team.

8. Provide feedback to the user: This encourages users to report similar situations in the future, which will improve the performance of your network. If the user could have done something to correct or avoid the issue, providing feedback may reduce the number of future network problems.

Importance of LAN troubleshooting tools and training
Giving frontline network support staff the proper training, the right tools, and a solid troubleshooting methodology results in faster LAN problem solving – saving staff time, closing trouble tickets quicker, minimizing downtime, and getting network users back to productivity faster.



25
Feb

Enterprise Security on a Small-Business




Whether your business is a big fish or a small-fry home office, you can get hacked just the same, and the stakes are higher than a few canceled credit cards. Here are a few tips to protect your users and your networks–steps that even enterprise-class security specialists may slip up on.

Know Who Might Be Targeted–and How and Why

With the recent news of attacks on U.S. companies including Google, many business owners might be thinking, “That wouldn’t happen to me–I don’t have anything so valuable on my servers that an attacker would go after it.” Many attacks aren’t targeted at all, but are the result of self-selection. That is, the attacker casts a wide net by sending thousands of messages to a harvested list of e-mail addresses, and the ones that respond–either by clicking a link or via a ping-back embedded image in the e-mail–are the self-selected targets to pursue.

Targeted attacks–or “spear phishing,” as they have come to be known–are a more dangerous animal. A good attacker performs reconnaissance by scanning a target organization’s Website, quarterly SEC filings (if a public organization), and press releases to find names of key personnel and e-mail addresses.

If that fails, attackers will probably prowl industry conferences and public speaking events (slideshows are almost always archived on the conference Website with the speaker’s name, title, and e-mail address); they’ll also check out social networking sites–it’s easier for a hacker to bait the hook by figuring out who’s in charge through Facebook fan pages and LinkedIn profiles.

While your average spammer is looking for quantity, a spear phisherman is looking for quality. Any key executive that regularly handles sensitive documents or has elevated permissions on a company’s file server is a potential victim. Although you might jump to the top of the organization chart and think that the CEO is where spear phishermen would focus their lasers, consider your CEO’s executive assistant, as well. This person is accustomed to receiving hundreds of e-mail messages a day for the CEO from unfamiliar senders, and is likely charged with sorting all inbound messages. The assistant is more likely to be stressed, behind a deadline, and pressured to avoid delaying important messages–and thus more likely to make a poor computer security decision.

For similar reasons, a general counsel or staff attorney at an organization is also a good target, especially with an Adobe PDF attack. Attorneys regularly exchange large PDF briefings between one another and between companies. It wouldn’t be a stretch to imagine sending a mock cease-and-desist e-mail message from a spoofed address of your favorite influential intellectual-property law firm and include a PDF with a malicious payload. The attorney wouldn’t think twice about opening such a message; and once the payload within the PDF is executed, the attorney’s machine is effectively “owned” by the attacker.

Don’t Take the Bait

Spear-phishing attacks aiming for competitive intelligence or corporate espionage are likely to have a custom-tailored message (e-mail, IM, tweet, and so on), such that the victim is more likely to take the bait. A top nuclear physicist at a research institution is unlikely to follow through on a link advertising replica Rolex watches or natural male enhancement, but if the message is inviting the victim to be a speaker on a panel at a well-known nuclear physics symposium, the bait will be all but irresistible.

Although you might think that in 2010, most users (and especially tech workers) would be suspicious of any password reset or messages declaring that “we are improving our security,” a stunning number of them will still be fooled by such schemes. My company, Special Ops Security, as part of its assessments with organizations and government agencies, will run controlled experiments where we intentionally phish targeted individuals at a company and track both click-through and captured passwords on an encrypted Web site.

Two colleagues of mine have even started their own self-service portal for CIOs to run mock “spear phishing” of their employees at PhishMe.com. It’s a particularly eye-opening exercise, and I highly recommend it.

Use Unique E-Mail Addresses to Keep Password Reset E-Mails at Bay

If you don’t believe that you would fall for a targeted e-mail discussing your upcoming new product or a malicious PDF with a class-action settlement notice, there is the ever-present category of password reset and social networking notification messages. Most Websites, as an unfortunate necessity of large scale, have a “forgot password?” function that sends e-mails to allow you to obtain access to your account.

Additionally, we are trained to expect notification e-mails from sites informing us of new friend requests, or photos of ourselves that others have posted. This is a particularly enticing proposition for the human psyche–how can I resist clicking on “have you seen this hilarious picture of you from last night?”

How is one to know if Facebook or MySpace truly sent the e-mail or if it is spoofed? Eventually there will be enough adoption of electronic signatures and DNS-level security to make these spoofed messages ineffective. In the meantime, there is one method that I employ to make sure a message is genuine. Each social networking (or e-commerce, airline, or whatever) Website that I use has its own unique e-mail address for me.

If you are fortunate enough to have your own domain name and a mail server (Google Apps is great for this), you can create linkedin@johndoe.name and bankofamerica@janesmith.org. If you receive any notification message purporting to be from a site but the “to” address does not match, consider that message to be highly suspect and delete it immediately.

For those of us without the luxury of their own domain, or who are worried that someone might be able to easily guess their myspace@alicejones.net addressing scheme, a few e-mail masquerading services are available. My favorite is Sneakemail.com, which lets you create an unlimited number of e-mail aliases for a modest $2 per month. This way, you can use one unique e-mail per Website, and all the messages get forwarded to your “real” mailbox. The service even handles replies, so that the Website never has your real address.

If you receive a password reset notification directly to your work e-mail instead of your unique address for that site, you know it is at best spam and at worst a phishing attempt. As a nice side effect, you’ll be able to catch unscrupulous Websites that share your information with third parties. I once received several unsolicited offers from a company to the e-mail address that I had provided only to a particular airline’s frequent flyer club. Needless to say, I contacted the club’s privacy department, provided logs, and promptly canceled that account.
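The per-site alias check described above can be automated. The following is an added example, not code from the original article: the alias table, the sample messages and the `classify` function are constructed for illustration, reusing the `johndoe.name` addressing scheme from the text.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed alias book: site domain -> the one address ever given to that site.
ALIASES = {
    "linkedin.com": "linkedin@johndoe.name",
    "bankofamerica.com": "bankofamerica@johndoe.name",
    "example-airline.test": "airline@johndoe.name",
}


def classify(raw):
    """Compare who a message claims to be from with the alias it was sent to."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    sender_domain = sender.rpartition("@")[2]
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = {addr.lower() for _, addr in getaddresses(headers)}

    # Site the message claims to come from (subdomains such as mail.linkedin.com count).
    site = next(
        (s for s in ALIASES
         if sender_domain == s or sender_domain.endswith("." + s)),
        None,
    )
    # Sites whose private alias appears among the recipients.
    owners = sorted(s for s, alias in ALIASES.items() if alias in recipients)

    if site and ALIASES[site] in recipients:
        # Necessary, not sufficient: the From header can still be forged.
        return "consistent"
    if site:
        # Claims to be a known site but went to an address that site never had.
        return "suspect"
    if owners:
        # A third party is writing to an alias only one site was given.
        return "alias-leaked:" + owners[0]
    return "unrelated"


# Constructed sample messages.
SAMPLE_OK = (
    "From: LinkedIn <notifications@linkedin.com>\n"
    "To: linkedin@johndoe.name\n"
    "Subject: You have a new connection request\n\nbody\n"
)
SAMPLE_PHISH = (
    "From: LinkedIn Security <security@linkedin.com>\n"
    "To: john.doe@corp.example\n"
    "Subject: Password reset required\n\nbody\n"
)
SAMPLE_LEAK = (
    "From: Deals <offers@partner-deals.test>\n"
    "To: airline@johndoe.name\n"
    "Subject: Exclusive offer\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in [("ok", SAMPLE_OK), ("phish", SAMPLE_PHISH), ("leak", SAMPLE_LEAK)]:
        print(name, "->", classify(raw))
```

The third result corresponds to the airline anecdote above: mail from an unrelated sender arriving at an alias that only one site ever received.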

Don’t Click on Anything in E-Mail

As a rule, I don’t click on links within e-mail, ever. Not even from known senders. Well-formatted HTML e-mails should have a URL just below the big “Click here” button, usually in a section that says “if your e-mail program doesn’t allow links, copy and paste the following into your browser.” If you still can’t find the URL, switch your mail reader to display plain-text (in Gmail, you can use the “Show original” option from the reply menu) and find it there.

If I really want to click through, I will highlight the URL and paste it first into the Google search bar of my Web browser. If nothing else, this removes any HTML or rich-text formatting that my clipboard picked up and leaves me with a pristine plain-text URL. This strips away most of the obfuscation tricks such as www.yahoo.com.com.attacker.evil.ru, where you might not realize that the DNS (domain name server) will read a URL from right to left (meaning you are visiting a site at evil.ru) and humans will read the URL from left-to-right (perhaps thinking they are visiting a sub-section of yahoo.com).

Furthermore, submitting the URL to a search engine also protects me from homograph attacks where someone could send a link to www.paypa1.com (the numeral 1 instead of lowercase “L”). It would be obvious from the first few links that something was not quite right, though Internationalized Domain Names can add complications. Total cost to allow Google to run a sanity check on the link and remove rich-text formatting: zero.
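The same sanity check can be done locally before a link is ever opened. This is an added example, not part of the original article: it reads the host name the way DNS does (right-most labels first) and flags the two tricks described above. The allowlist, the confusable-character map and the two-label assumption for the registrable domain are simplifications; production code should use the Public Suffix List and a full confusables table.

```python
from urllib.parse import urlsplit

# Constructed allowlist of domains the user really deals with (assumption).
KNOWN_DOMAINS = {"yahoo.com", "paypal.com"}

# Small illustrative map of digits commonly swapped for look-alike letters.
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def _host(url):
    """Host part of a URL, lower-cased, with no scheme, port or path."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def registrable_domain(url):
    """Right-most two labels of the host: the part that decides who owns the site.

    Assumption: a two-label registrable domain (fine for .com or .ru,
    wrong for suffixes such as .co.uk).
    """
    return ".".join(_host(url).split(".")[-2:])


def assess_link(url):
    host = _host(url)
    domain = registrable_domain(url)
    # Everything to the left of the registrable domain is chosen by its owner.
    left = host[: len(host) - len(domain)].rstrip(".")

    if domain in KNOWN_DOMAINS:
        verdict = "known"
    elif any(f".{k}." in f".{left}." for k in KNOWN_DOMAINS):
        # A trusted name used as decoration in front of someone else's domain.
        verdict = "embeds-known-name"
    elif domain.translate(CONFUSABLES) in KNOWN_DOMAINS:
        # Differs from a trusted domain only by look-alike characters.
        verdict = "lookalike"
    elif any(l.startswith("xn--") or not l.isascii() for l in host.split(".")):
        # Internationalized name: needs a human or a proper confusables check.
        verdict = "idn-review"
    else:
        verdict = "unknown"
    return {"host": host, "domain": domain, "verdict": verdict}


if __name__ == "__main__":
    for link in (
        "http://www.yahoo.com.com.attacker.evil.ru/login",
        "www.paypa1.com",
        "https://www.paypal.com/",
        "http://xn--constructed-label.com/",  # constructed, not a real name
    ):
        print(assess_link(link))
```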

Patch Early, Patch Often

Patching is absolutely necessary and (almost always) absolutely free. It’s amazing to have to say this, but the first thing to check–right now–is whether you are up to date on all your patching. Set an iCal/Outlook reminder and do it monthly. A good time would be the second Wednesday of each month, since Microsoft releases its security updates on the second Tuesday. Or you can tie the task mentally to paying your mortgage or rent–as you’re writing that check, also “check” for updates.

I don’t mean just double-click on Windows Update, either. If you haven’t activated Microsoft Update (a variation of Windows Update), you won’t receive any Microsoft Office updates. But don’t stop there! Make sure you visit Adobe to update your Flash plug-in and PDF Reader software. Firefox does a good job of pushing out updates without user intervention, but it won’t upgrade you to a major new release, so check the Firefox site as well.

I continue to light candles and wait for the day when Microsoft will open up its Windows Update infrastructure for all Windows software publishers to push their updates through one centralized location, automated, and with just one click. Until that day, try using software like Secunia’s Personal Software Inspector (free for personal users) that will scan all software on your computer and give you a consolidated look at where security patches are missing.

I’ve audited networks with IT managers who were quite proud that they update their antivirus signatures every 5 minutes, but they had critical servers with stock versions of Internet Explorer and Adobe, and missing OS patches from 2007! Some reports have claimed that the success of the attack on Google was due to an employee using an outdated Web browser.

Just last week, Google announced that they would be dropping IE 6 as a supported browser from their Google Apps and Google Docs services. When manufacturers release newer, more secure versions of software (I’m looking right at you, Internet Explorer 6 and 7 users), upgrade to the latest version. The 5 minutes that you spend watching the installation progress bar is well worth it in terms of the security provided by such newer technologies.

Hardware needs updating, too. Inventory your hardware and check up on firmware updates (just as important as software patches). Twice a year, look on manufacturer Websites for any hardware with a network port–not just your routers and switches, but also your multifunction copiers, your restaurant POS terminals, your Blu-ray player, your PBX, and your Twitter-enabled coffee pot.

Don’t Let Bob Stop You From Running a Secure Network

Customers often claim that their servers aren’t patched because “Bob says so” and he is the Dev Manager or the VP of Sales, and their custom application won’t run on the latest service pack or requires an ancient Web browser with all security features disabled. This is an unacceptable business risk in my opinion. If a particular division within the company runs software that precludes them from running the latest security patches, IT needs to isolate those servers in your network the way that it would segregate classified networks from unclassified networks.

Furthermore, unpatched servers should never have access to the Internet. Staff should access these dangerously unpatched servers only via dedicated computers (not the same ones that are used to read e-mail and browse the Internet) on a dedicated “less secure” network.

Unless businesses take information security seriously, they cannot avoid information theft and costly outages. Jars of peanut butter that have a small chance of being tainted are pulled off store shelves within hours of a recall starting; a financial server with known vulnerabilities that processes paychecks for hundreds of employees is allowed to operate for months. Nobody should run an unpatched server just because Bob says so.

The P of P2P Is Personal, Not Business

I’m going to say something unpopular: P2P has no business on your work computer. The risk of malicious software from P2P (peer to peer) networks far outweighs any legitimate need for BitTorrent or KaZaa. On your personal computer, I still don’t advise its use, but I can understand that there are several legitimate reasons for using it. Use reputable Websites to obtain shareware applications.

If you must participate in P2P, use a separate, nonadministrator user account for those functions. Never run software that you download from a P2P network in your administrator account, and always scan these downloads with several antivirus packages. Virustotal.com is a good place to do a quick scan of a dubious download if you don’t already have a solid security package such as Norton Internet Security 2010. If you’re a tech-savvy power user, run P2P software in a virtual machine to insulate your host operating system.

Nail Down Your Network

Switch your company and your home router’s DNS resolver to use OpenDNS. Do it right now, I’ll wait. There’s no reason to use the default DNS provided by your Internet service provider. OpenDNS has a gigantic cache that will speed up your queries and a free Website filtering service that might interest some companies. Even if you don’t want the filtering, its robust and secure DNS infrastructure can shield you from well-known attacks at the DNS level.

After 5 minutes of reconfiguration, your Internet connection will be snappier because the OpenDNS servers usually respond much more quickly than your default ISP servers. Its Website explains the simple steps involved in changing your home router or your company’s Active Directory domain controllers to their resolvers, and it has infrastructure spread all over the globe to ensure a speedy reply no matter where you are.

For power users and anyone in an IT capacity at work, I’m a big fan of using a host-based outbound firewall on both servers and workstations. It is absolutely essential to be notified when an unknown or new process decides to make an outbound connection. This way, even if something slips past your antivirus and antimalware defenses, you can catch it on the way out. Of course, this won’t help nontechnical users who always click “Accept” on any pop-up that comes up.

At your company, implement outbound firewall rules. Most companies I work with have an “allow all” outbound policy for their users. While this may have been acceptable in the past, in this century I would not recommend running a business with such a permissive policy. You can start with restricting users to only HTTP and HTTPS outbound; this won’t protect you from everything, but it will close down a large portion of outbound connections that may not be authorized. You can also use OpenDNS to restrict access to inappropriate Websites.

Most important (and most often overlooked), server and DMZ networks should allow only a few explicit outbound connections (such as outbound SMTP for your mail server). Modern packet inspection firewalls are smart enough to allow your Web server to reply to an inbound request for a Web page, but very few legitimate reasons exist for your Web servers to initiate a connection to the outside world.

To be sure, there are exceptions (business partner inventory interchange, or offsite data backup, for instance), but in general most servers respond to inbound requests for information and do not themselves initiate connections. If a hacker compromises your server, one of the first things he or she will do is to use your server to connect to another machine (either within your organization or back to their network). Leaving a rule for outbound access to windowsupdate.microsoft.com (and similar update sites) is perfectly acceptable. A blanket “allow all” policy is just asking for trouble.
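Before replacing an “allow all” rule, it helps to replay existing connection logs against the policy you intend to enforce. The following is an added example, not from the original article: the subnets, the log format, the sample lines and port 443 for the update site are all constructed assumptions. It applies the policy described above (users limited to HTTP and HTTPS, DMZ hosts limited to explicit entries, everything else denied) and lists what would be blocked.

```python
import ipaddress

# Constructed address plan (assumption).
ZONES = {
    "users": ipaddress.ip_network("10.0.10.0/24"),
    "dmz": ipaddress.ip_network("10.0.20.0/24"),
}

# User LAN: HTTP and HTTPS only, as suggested in the text.
USER_PORTS = {("tcp", 80), ("tcp", 443)}

# DMZ: explicit (source host, destination, protocol, port) entries; "*" = any.
DMZ_ALLOW = {
    ("10.0.20.25", "*", "tcp", 25),                     # mail server: outbound SMTP
    ("*", "windowsupdate.microsoft.com", "tcp", 443),   # update site (port assumed)
}


def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def allowed(src, dst, proto, port):
    zone = zone_of(src)
    if zone == "users":
        return (proto, port) in USER_PORTS
    if zone == "dmz":
        return any(
            s in ("*", src) and d in ("*", dst) and p == proto and n == port
            for s, d, p, n in DMZ_ALLOW
        )
    return False  # unknown source network: default deny


# Constructed log, one outbound connection per line: src dst proto port
SAMPLE_LOG = """\
10.0.10.14 www.example.com tcp 443
10.0.10.14 irc.example.net tcp 6667
10.0.20.25 mx.partner.example tcp 25
10.0.20.80 windowsupdate.microsoft.com tcp 443
10.0.20.80 203.0.113.50 tcp 8443
10.0.20.25 www.example.com tcp 80
"""


def audit(log_text):
    """Return (zone, src, dst, port) for every connection the policy would block."""
    violations = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, port = line.split()
        if not allowed(src, dst, proto, int(port)):
            violations.append((zone_of(src) or "unknown", src, dst, int(port)))
    return violations


if __name__ == "__main__":
    for v in audit(SAMPLE_LOG):
        print("would block:", v)
```

The last sample line shows why DMZ entries are per host: the mail server may send SMTP, but a Web request from the same machine is still flagged.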


25
Feb

Google Hack Raises Serious Concerns, US Says





A coordinated hacking campaign targeting Google, Adobe Systems and more than 30 other companies raises serious concerns, U.S. Secretary of State Hillary Clinton said Tuesday.

In a statement released late Tuesday night, Clinton said that the U.S. government is taking the attack — which Google said came from China — very seriously. “We have been briefed by Google on these allegations, which raise very serious concerns and questions,” she said. “We look to the Chinese government for an explanation.”

Sources familiar with the situation say that more than 30 U.S. companies, including Adobe Systems, were hit by this targeted attack, which Google first discovered in mid-December. Using an attack that exploited an unpatched bug in widely used software, the attackers were able to gain footholds in these companies and siphon out valuable intellectual property.

In Google’s case the attackers also gained access to information about the e-mail accounts of Chinese dissidents.

While attacks of this nature have hit the military, federal agencies, and government contractors in the past, Google is the first technology company to come forward and acknowledge it has been hit.

Google apparently feels strongly that China is behind the attack because the company said Tuesday that the event helped convince the company that it “should review the feasibility of our business operations in China.”

The company now says it will no longer censor search results on Google.cn, a move that could put it out of business in China.

Google’s competitor, Yahoo, also condemned the attacks. “We stand aligned with Google that these kinds of attacks are deeply disturbing and strongly believe that the violation of user privacy is something that we as internet pioneers must all oppose,” the company said in a statement.

A company spokeswoman declined to say whether or not Yahoo had been hit by the attack as well.
Yahoo doesn’t directly do business in China. It sold its Yahoo! China business to Alibaba.com in 2005, but it is a major shareholder in that company.



25
Feb

VPN technologies





Virtual private networks, or VPNs, extend the reach of LANs without requiring owned or leased private lines. Companies can use VPNs to provide remote and mobile users with network access, connect geographically separated branches into a unified network and enable the remote use of applications that rely on internal servers.

VPNs can use one or both of two mechanisms. One is to use private circuits leased from a trusted communications provider: alone, this is called a trusted VPN. The other is to send encrypted traffic over the public Internet: alone, this is called a secure VPN. Using a secure VPN over a trusted VPN is called a hybrid VPN. Combining two kinds of secure VPN into one gateway, for instance, IPsec and Secure Sockets Layer (SSL), is also called a hybrid VPN.

Trusted VPNs

Over the years, implementations of trusted VPNs have moved from raw private circuits leased from telecommunications vendors to private IP network circuits leased from Internet providers. The major technologies used for implementing trusted VPNs over IP networks are ATM circuits, frame-relay circuits and Multiprotocol Label Switching (MPLS).

ATM and frame relay operate at the data link layer, which is Layer 2 of the OSI model. (Layer 1 is the physical layer; Layer 3 is the network layer.) MPLS emulates some properties of a circuit-switched network over a packet-switched network, and operates at a layer often referred to as “2.5” that is intermediate between the data link and network layers. MPLS is beginning to replace ATM and frame relay to implement trusted VPNs for large corporations and service providers.

Secure VPNs

Secure VPNs can use IPsec with encryption, IPsec with Layer 2 Tunneling Protocol (L2TP), SSL 3.0 or Transport Layer Security (TLS) with encryption, Layer Two Forwarding (L2F) or Point-to-Point Tunneling Protocol (PPTP). [Editors' note: an earlier version of this article incorrectly stated that IPsec worked inside of L2TP, while the reverse is true]. Let’s go over each of these briefly.

IPsec, or IP security, is a standard for encrypting and/or authenticating IP packets at the network layer. IPsec has a set of cryptographic protocols for two purposes: securing network packets and exchanging encryption keys. Some security experts, for instance, Bruce Schneier of Counterpane Internet Security Inc., have considered IPsec the preferred protocol for VPNs since the late 1990s. IPsec is supported in Windows XP, 2000, 2003 and Vista; in Linux 2.6 and later; in Mac OS X, NetBSD, FreeBSD and OpenBSD; in Solaris, AIX and HP-UX; and in VxWorks. Many vendors supply IPsec VPN servers and clients.

Microsoft has included PPTP clients in all versions of Windows since Windows 95 OSR2; PPTP clients are in Linux, Mac OS X, Palm PDA devices and Windows Mobile 2003 devices. The company has also included PPTP servers in all its server products since Windows NT 4.0.

PPTP has been very popular, especially on Windows systems, because it is widely available, free and easy to set up. However, as implemented by Microsoft, it has not always been the most secure of the secure VPNs.

Schneier, with “Mudge” of L0pht Heavy Industries, found and published security flaws in Microsoft PPTP in 1998; Microsoft quickly fixed these issues with MS-CHAPv2 and MPPE, and Schneier and Mudge published an analysis confirming the improvements in 1999, but they pointed out that the security of Microsoft PPTP still depended on the security of each user’s password. Microsoft has addressed this issue by enforcing password strength policies in its operating systems, but Schneier and Mudge still recommend IPsec rather than PPTP for secure VPNs as inherently safer.

L2TP combines ideas from PPTP and L2F, an older protocol developed by Cisco Systems Inc., to create a data link layer protocol. This provides a tunnel, but no security or authentication. L2TP can carry PPP sessions within its tunnel. Cisco implements L2TP in its routers. There are several open-source implementations of L2TP for Linux.

L2TP/IPsec combines L2TP’s tunnel with IPsec’s secure channel, which allows for easier secure Internet Key Exchange than pure IPsec. Microsoft has provided a free L2TP/IPsec VPN client for Windows 98, ME and NT since 2002, and ships an L2TP/IPsec VPN client with Windows XP, 2000, 2003 and Vista. Windows Server 2003 and Windows 2000 Server include L2TP/IPsec servers.

SSL and TLS are protocols for securing data flows at Layer 4 of the OSI model. SSL 3.0 and TLS 1.0, its successor, are commonly used with HTTP to enable secure Web browsing, called HTTPS. However, SSL/TLS can also be used to create a VPN tunnel. For example, OpenVPN is an open-source VPN package for Linux, xBSD, Mac OS X, Pocket PCs and Windows 2000, XP, 2003 and Vista, which uses SSL to provide encryption of both the data and control channels. Several vendors supply SSL VPN servers and clients.

Benefits and security risks of VPNs

A VPN can erase geographical barriers for a company, enable employees to work efficiently from home and allow a business to connect securely with its vendors and partners. A VPN is usually much cheaper to own and operate than private lines.

On the other hand, the use of a VPN can expose a company to potential security risks. While most VPNs in use are now fairly secure in and of themselves, a VPN can make it more difficult to secure the perimeter of a network properly. It is incumbent upon network administrators to apply the same security standards to computers connecting to the network via VPN as computers directly connected to the LAN.

Combining the use of two VPNs simultaneously can potentially expose one company’s network to another’s. In addition, using remote control software such as PC Anywhere, GoToMyPC or VNC in combination with a VPN can expose the company’s network to the malware present on a remote computer that is not itself connected to the VPN.

Reliability, scalability and performance of VPNs

Because secure VPNs rely on encryption and some of the cryptographic functions used are computationally expensive, a heavily used VPN can load down its server. Administrators typically manage the server load by limiting the number of simultaneous connections to what the server can handle.

When the number of people attempting to connect to the VPN suddenly peaks, for example, during a storm that disrupts transportation, employees may find themselves unable to connect because all VPN ports are busy. That gives administrators motivation to make key applications work without requiring the VPN, for instance, by setting up proxy servers or Internet Message Access Protocol servers to enable employees to access e-mail from home or from the road.

Deciding between IPsec and SSL/TLS for a given scenario can be complicated. One consideration is that SSL/TLS can work through a NAT-based firewall; IPsec cannot, but both protocols work through firewalls that do not translate addresses.

IPsec encrypts all IP traffic that flows between two computers. SSL/TLS is specific to an application. SSL/TLS uses expensive asymmetric encryption functions to establish a connection, and more efficient symmetric encryption functions to secure a running session.

In a real-world remote application, administrators may decide to mix and match protocols for the optimum balance of performance and security. For example, clients might connect to a Web-based front end through a firewall using a browser secured by SSL/TLS; the Web server might connect to an application server using IPsec; and the application server might connect to a database server across another firewall using SSL.

The scalability of VPNs can sometimes be improved by the use of dedicated server hardware. To cover that, however, we’d have to wade through the competing claims of VPN vendors: perhaps a subject for another day.

VPN resources

The Virtual Private Network Consortium maintains a list of its members, a table of IPsec VPN features supported by each vendor, and a table of SSL VPN features supported by each vendor. VPNC also supplies SimpleCA, a free, open-source certificate authority package for VPN administrators.

24
Feb

iSCSI




iSCSI is Internet SCSI (Small Computer System Interface), an Internet Protocol (IP)-based storage networking standard for linking data storage facilities, developed by the Internet Engineering Task Force (IETF). By carrying SCSI commands over IP networks, iSCSI is used to facilitate data transfers over intranets and to manage storage over long distances. The iSCSI protocol is among the key technologies expected to help bring about rapid development of the storage area network (SAN) market, by increasing the capabilities and performance of storage data transmission. Because of the ubiquity of IP networks, iSCSI can be used to transmit data over local area networks (LANs), wide area networks (WANs), or the Internet and can enable location-independent data storage and retrieval.

How iSCSI Works:

When an end user or application sends a request, the operating system generates the appropriate SCSI commands and data request, which then go through encapsulation and, if necessary, encryption procedures. A packet header is added before the resulting IP packets are transmitted over an Ethernet connection. When a packet is received, it is decrypted (if it was encrypted before transmission), and disassembled, separating the SCSI commands and request. The SCSI commands are sent on to the SCSI controller, and from there to the SCSI storage device. Because iSCSI is bi-directional, the protocol can also be used to return data in response to the original request.

iSCSI is one of two main approaches to storage data transmission over IP networks; the other method, Fibre Channel over IP (FCIP), translates Fibre Channel control codes and data into IP packets for transmission between geographically distant Fibre Channel SANs. FCIP (also known as Fibre Channel tunneling or storage tunneling) can only be used in conjunction with Fibre Channel technology; in comparison, iSCSI can run over existing Ethernet networks. A number of vendors, including Cisco, IBM, and Nishan have introduced iSCSI-based products (such as switches and routers).



