Re: NIS/NFS alternatives?

To: Miquel van Smoorenburg <miquels@cistron-office.nl>
Cc: debian-user@lists.debian.org
Subject: Re: NIS/NFS alternatives?
From: Alvin Oga <aoga@Maggie.Linux-Consulting.com>
Date: Sat, 6 Oct 2001 05:03:36 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.3.96.1011006045335.19283A-100000@Maggie.Linux-Consulting.com>
In-reply-to: <[🔎] 9pmo5a$i81$2@ncc1701.cistron.net>

hi ya...

for more secure rpc... secure portmapper etc.. ( bottom of link )
	http://www.linux-sec.net/Harden/services.gwif.html

for allowng users to log into any pc and get work done..
	- requires a home server that is gonna stay up most of the time
	-
	- you'd need to either pass the passwd/shadow files around
	( my preference to pass files around ) or use nis ( not mypreference )

if you are worried about security.... 
	- what are you paranoid about???
	- login authentication -- gazilion ways ...
	- disable dhcp and use all ip# defined by the "mask"
	- data loss ???? --  do backups
	- people breaking into your servers
	 ( 80-90% most attacks are inside your lan )
	- server too vulnerable ???
	  apply patches, implement a tighter security policy
	- [h/cr]ackers raising havoc with your servers
	( fun/annoying stuff to try to defend )
	- wanna know when somebody broek into your boxes
		- implement ids's
	- wanna know who/how they got int...
		- implemnent a "good" foresnsics plan
	- wanna know why they got in..
		- probably for the fun of it

-- blah blah... fun stuff...
	http://www.Linux-Sec.net

c ya
alvin

On Sat, 6 Oct 2001, Miquel van Smoorenburg wrote:

> In article <[🔎] 1002296006.26186.2.camel@magnesium.dyndns.org>,
> Greg Fischer  <gfischer4@mediaone.net> wrote:
> >I'm administrating a network of Debian potato machines using NIS/NFS at
> >a small high school right now.  We're behind a pretty beefy firewall,
> >but I still know it's not very secure.  I couldn't get LDAP
> >authentication working and I only had 2 days to do the whole thing.
> >Probably at the end of the year, I am going to upgrade the lab to woody
> >(which will hopefully be stable) and reconsider
> >filesharing/authentication.  I'd like each user to be able to sit down
> >at any workstation and be able to access their files.  Any ideas?
> 
> Well, do you know the background behind this? Why do you think NIS
> and NFS are insecure? Because someone told you? Why do you think
> LDAP is more secure (without SSL, it's *way less* secure - plaintext
> passwords over the wire!).
> 
> I wouldn't worry too much about NIS and NFS abuse from the 'outside'-
> if you set up both properly that can only be accessed from within
> the local network anyway. So it's the local network you should be
> worried about,
> 
> Do random people have access to the ethernet and can they plug
> in their own machines? Do you use hubs or switches? Do users
> have root access on their 'own' workstation?
> 
> Once you can answer these questions, you can make an informed
> decision about what is and what isn't secure.
> 
> Mike.
> -- 
> Move sig.
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>

Reply to:

Follow-Ups:
- Re: NIS/NFS alternatives?
  - From: Miquel van Smoorenburg <miquels@cistron.nl>

References:
- Re: NIS/NFS alternatives?
  - From: miquels@cistron-office.nl (Miquel van Smoorenburg)

Prev by Date: Re: NIS/NFS alternatives?
Next by Date: Re: ping works not on all sites
Previous by thread: Re: NIS/NFS alternatives?
Next by thread: Re: NIS/NFS alternatives?
Index(es):
- Date
- Thread