Re: Is there any encrypted or secure NFS?

To: Mark Roach <mrroach@okmaybe.com>
Cc: debian-user@lists.debian.org
Subject: Re: Is there any encrypted or secure NFS?
From: Rohit Kumar Mehta <rohitm@engr.uconn.edu>
Date: Tue, 06 Jan 2004 07:51:48 -0500
Message-id: <[🔎] 3FFAAF64.9070609@engr.uconn.edu>
References: <[🔎] 20040103133048.GA9516@hpd.the-sphere.org> <[🔎] 20040103135009.GA4969@xinara.org> <[🔎] 1073244965.17139.3.camel@flmrroach.okmaybe.com> <[🔎] 3FF95D6A.7080706@engr.uconn.edu> <[🔎] 1073355266.17139.107.camel@flmrroach.okmaybe.com> <[🔎] 20040106022503.GA29849@segvio.org> <[🔎] 1073359169.17138.123.camel@flmrroach.okmaybe.com>

Mark Roach wrote:

On Mon, 2004-01-05 at 21:25, Brett Carrington wrote:

On Mon, Jan 05, 2004 at 09:14:27PM -0500, Mark Roach wrote:
This might be encrypted, but hardly secure, for instance if user A hasphysical access to NFS clientand user B has physical access to nfs client, what prevents user A fromaccessing user B's files through VPN?
File permissions.
Even so, you'd have this problem with or without an IPSec VPN. The VPN's
job, in this case, is lower-layer encryption. File systems on your
host/NFS Client are out of the spectrum of what a VPN can do. A VPN is
only going to protect your data from snoopers of NFS packets.


Right, which is why I pointed to file permissions instead of the VPN as
the protecting factor here. I don't really know what Rohit was
suggesting as an alternative, but if he thinks there is any security
mechanism that can protect against all attacks regardless of whether the

attacker has root, he is mistaken.

<rant>At some point there has to exist a status of "trusted." Unless you
want to lock your computer in a vault, set bios and lilo passwords, buy
a van-eck cage, and carry your keyboard with you at all times, you are
probably better off protecting yourself from the class of attackers who
pose an actual (plausible) threat.</rant>

I'm sorry, maybe I did not make myself clear. If my client has accessto an NFS file serverthe NFS fileserver depends on my client to establish the UID. Thatmakes file permissionsfairly worthless in my opinion. SMBFS requires authentication to accessthe network resource andLinux enhanced smbfs supports all the great UNIX stuff like symlinks andpermission bits (although I

do not know about ACLS)

AFS at least demands kerberos authentication for access to the networkresources. It just seems prohibitivelydifficult to implement. I was not talking about sniffing packets overthe network, just the common situationwhere you want one user to have access to a file from a workstation, butanother user at the same workstation

to not have access to that file.

Reply to:

References:
- Is there any encrypted or secure NFS?
  - From: Antonio Rodriguez <arodriguez31@cfl.rr.com>
- Re: Is there any encrypted or secure NFS?
  - From: "J.H.M. Dassen (Ray)" <fsmla@xinara.org>
- Re: Is there any encrypted or secure NFS?
  - From: Mark Roach <mrroach@okmaybe.com>
- Re: Is there any encrypted or secure NFS?
  - From: Rohit Kumar Mehta <rohitm@engr.uconn.edu>
- Re: Is there any encrypted or secure NFS?
  - From: Mark Roach <mrroach@okmaybe.com>
- Re: Is there any encrypted or secure NFS?
  - From: Brett Carrington <brettcar@segvio.org>
- Re: Is there any encrypted or secure NFS?
  - From: Mark Roach <mrroach@okmaybe.com>

Prev by Date: Strange console font problem
Next by Date: Re: 2.6 kernel not autoloading modules
Previous by thread: Re: Is there any encrypted or secure NFS?
Next by thread: Re: Is there any encrypted or secure NFS?
Index(es):
- Date
- Thread