Re: NFS Over Private Network

dreamwvr_at_dreamwvr.com
Date: 03/25/04

  • Next message: Luc I. Suryo: "Re: NFS Over Private Network"
    Date: Thu, 25 Mar 2004 08:58:00 -0700
    To: focus-sun@securityfocus.com
    
    

    On Wed, Mar 24, 2004 at 10:52:46PM -0600, Thomas Lindsay wrote:
    >
    > To what degree does this solution *protect* the share itself? Is there a
    > way to tie the server share to a given interface, or better yet, bind nfsd
    > itself to a specific interface? Call me paranoid, but I don't trust the
    > builtin security mechanisms of nfs too far, especially considering the
    > vulnerability rates of some Solaris rpc services in recent years.
    >
    > If nfsd cannot be specifically bound to a given interface (and hence not
    > bound to others), then a private network between two machines will serve
    > only to prevent man-in-the-middle types of attacks but still leaves the
    > data vulnerable to any attack on the nfs server itself through the public
    > interfaces.
    >
    > Ideas?
    Well nfs was never designed to be secure. So my suggestion would be to
    tunnel it via ssh from point to point.

    Best Regards,
    dreamwvr@dreamwvr.com

    -- 
    /*  Security is a work in progress - dreamwvr                 */
    #                               48 69 65 72 6F 70 68 61 6E 74 32
    # Note: To begin Journey type man afterboot,man help,man hier[.]      
    # 66 6F 72 20 48 69 72 65                              0000 0001
    // "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \?  ;-]
    

  • Next message: Luc I. Suryo: "Re: NFS Over Private Network"