Re: Is there any encrypted or secure NFS?
On Mon, 5 Jan 2004, Brett Carrington wrote:
> On Mon, Jan 05, 2004 at 09:14:27PM -0500, Mark Roach wrote:
> > > This might be encrypted, but hardly secure, for instance if user A has
> > > physical access to NFS client
> > > and user B has physical access to nfs client, what prevents user A from
> > > accessing user B's files through VPN?
> >
> > File permissions.
won't help ... the user has access to their files on the other end
> Even so, you'd have this problem with or without an IPSec VPN. The VPN's
> job, in this case, is lower-layer encryption. File systems on your
> host/NFS Client are out of the spectrum of what a VPN can do. A VPN is
> only going to protect your data from snoopers of NFS packets.
"maybe"
places where the cracker can see your "credit card" ( sensitive data )
- while you're away from your desk
- while it's still in netscape cache
- in transit to the webstore
- while it's in memory (-- you've got bigger problems --)
- vpn/ssh snooping of the wire (-- you've got bigger problems --)
- from your home network ssh'd/vpn'd into the corp lan
- trash can
- i think the major comment, was what if the dude just sits at the
terminal while you're away ..
- encrypted traffic or encrypted fs will not prevent the cracker
from seeing the "good data" they're not supposed to have seen
- always passwd protect your screen
and always use different passwds for each pc
"encryption" is still useless if you use ez 2 remember pass phrase or
words from the dictionary or common phrases and "mistyped" passwds ..
or written down on a piece of paper that is easy to find on the
keyboard, monitor, mousepad, drawers, rolodex, bookmarkers, ...
- it's even more trivial to go snooping if you use passwdless
logins
- allowing nfs just makes all the snooping easier ...
too many old holes - that may or may not be patched
nfs --> "Not For Security"
setting up and properly running a "secure nfs" is a whole other
ballgame
c ya
alvin