Re: NFS Over Private Network
Date: 03/25/04

  • Next message: Luc I. Suryo: "Re: NFS Over Private Network"
    Date: Thu, 25 Mar 2004 08:58:00 -0700

    On Wed, Mar 24, 2004 at 10:52:46PM -0600, Thomas Lindsay wrote:
    > To what degree does this solution *protect* the share itself? Is there a
    > way to tie the server share to a given interface, or better yet, bind nfsd
    > itself to a specific interface? Call me paranoid, but I don't trust the
    > builtin security mechanisms of nfs too far, especially considering the
    > vulnerability rates of some Solaris rpc services in recent years.
    > If nfsd cannot be specifically bound to a given interface (and hence not
    > bound to others), then a private network between two machines will serve
    > only to prevent man-in-the-middle types of attacks but still leaves the
    > data vulnerable to any attack on the nfs server itself through the public
    > interfaces.
    > Ideas?
    Well nfs was never designed to be secure. So my suggestion would be to
    tunnel it via ssh from point to point.

    Best Regards,

    /*  Security is a work in progress - dreamwvr                 */
    #                               48 69 65 72 6F 70 68 61 6E 74 32
    # Note: To begin Journey type man afterboot,man help,man hier[.]      
    # 66 6F 72 20 48 69 72 65                              0000 0001
    // "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \?  ;-]

  • Next message: Luc I. Suryo: "Re: NFS Over Private Network"

    Relevant Pages

    • Re: What doesnt lend itself to OO?
      ... The whole idea that a subsystem is just ... > The first line exists in the server. ... objects between client and server i.e. as far as the client code is ... > external interface is the traditional input interface whose ...
    • Re: More Get-IPlayer Questions
      ... to use with mutt mail client. ... antinat - 0.90-4 - Antinat is a flexible SOCKS server and client ... protocol for Sybase or MS SQL Server. ... ifstat - 1.1-1 - InterFace STATistics Monitoring ...
    • Re: Brian Kernighan, maybe Im not worthy, maybe Im scum
      ... If you think I'm giving a verbose pseud write access to my server, ... interface appears in C Sharp as consisting of sbyte arrays. ... failed to see that a for loop is not just a while loop because a while ... chilling effect on freedom of speech. ...
    • Re: Cannot get NAT to route in RRAS
      ... The basic problem is that you are using an ADSL modem on the server. ... I would suggest that you set up a demand-dial interface to act as the ... Static Route wizard, create a default route using this interface (ie put ...
    • Re: Cannot get NAT to route in RRAS
      ... ADSL Link was set as the Public interface in NAT, ... The static route also adds in fine using the ADSL Link interface, ... separate DNS server handles client’s requests, ... > Internet connection. ...