Re: NIS(Client && Server) + Security

To: g.galad@portugalmail.pt
Cc: debian-security@lists.debian.org
Subject: Re: NIS(Client && Server) + Security
From: Jamie Heilman <jamie@transient.net>
Date: Thu, 2 Jan 2003 20:03:51 -0800
Message-id: <[🔎] 20030103040351.GA14074@audible.transient.net>
In-reply-to: <[🔎] 1041548228.3e14c3c48e13f@webmail.portugalmail.pt>
References: <[🔎] 1041548228.3e14c3c48e13f@webmail.portugalmail.pt>

> I have 3 machines, A, B and C.  Machine A is my gateway,B my NIS,
> mail and SMB server and machine C is my WorkStation.  My doubt is if
> is secure to have a NIS client on machine A or simple re-direct my
> connections to machine B?

Unless there's something you've not told us there's no reason to have
A provide your NIS service, so why even consider it?  If you did put
NIS on machine A, for whatever reason, you would need to ensure hosts
external to your local network couldn't access the NIS service, which
could be done using the usual packet filtering techniques.  In general
NIS should never be exposed to untrusted access because its far too
vulnerable to attack.  I say this assuming A, B, C are all on a single
local network, if machine B is external to the network machine C is
on, well then, its a different story, and perhaps NIS isn't the best
tool for the job.  (IMO, NIS is almost never the best tool in
homogenous linux environments.)

-- 
Jamie Heilman                   http://audible.transient.net/~jamie/
"Most people wouldn't know music if it came up and bit them on the ass."
                                                        -Frank Zappa

Reply to:

Follow-Ups:
- Re: NIS(Client && Server) + Security
  - From: g.galad@portugalmail.pt

References:
- NIS(Client && Server) + Security
  - From: g.galad@portugalmail.pt

Prev by Date: Re: Bind9 stopped after 34 days of uptime
Next by Date: howto calculate fingerprints from ssh host keys?
Previous by thread: NIS(Client && Server) + Security
Next by thread: Re: NIS(Client && Server) + Security
Index(es):
- Date
- Thread