Re: NFS Over Private Network
dreamwvr_at_dreamwvr.com
Date: 03/25/04
- Previous message: Simon Thornton: "RE: NFS Over Private Network"
- In reply to: Thomas Lindsay: "RE: NFS Over Private Network"
- Next in thread: Luc I. Suryo: "Re: NFS Over Private Network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 25 Mar 2004 08:58:00 -0700 To: focus-sun@securityfocus.com
On Wed, Mar 24, 2004 at 10:52:46PM -0600, Thomas Lindsay wrote:
>
> To what degree does this solution *protect* the share itself? Is there a
> way to tie the server share to a given interface, or better yet, bind nfsd
> itself to a specific interface? Call me paranoid, but I don't trust the
> builtin security mechanisms of nfs too far, especially considering the
> vulnerability rates of some Solaris rpc services in recent years.
>
> If nfsd cannot be specifically bound to a given interface (and hence not
> bound to others), then a private network between two machines will serve
> only to prevent man-in-the-middle types of attacks but still leaves the
> data vulnerable to any attack on the nfs server itself through the public
> interfaces.
>
> Ideas?
Well nfs was never designed to be secure. So my suggestion would be to
tunnel it via ssh from point to point.
Best Regards,
dreamwvr@dreamwvr.com
-- /* Security is a work in progress - dreamwvr */ # 48 69 65 72 6F 70 68 61 6E 74 32 # Note: To begin Journey type man afterboot,man help,man hier[.] # 66 6F 72 20 48 69 72 65 0000 0001 // "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \? ;-]
- Previous message: Simon Thornton: "RE: NFS Over Private Network"
- In reply to: Thomas Lindsay: "RE: NFS Over Private Network"
- Next in thread: Luc I. Suryo: "Re: NFS Over Private Network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
