Network Security: File sharing & remote X sessions
Hello,
I want to set-up a secure file-sharing and x-terminal server.
I have a small home network, which I share with my family.
I have a few computers (running Debian) which I administer and trust.
My family has several computers (running Windows), which I choose not
to trust.
I want to configure a Debian server to:
- Offer X sessions to my trusted computers
- Share files between my trusted computers
- Offer remote storage to the untrusted (Windows) computers
I want everything to be set-up as secure as possible, choosing not to
trust my LAN.
I have looked into NFS, SFS and SHFS to share files between my trusted
computers:
- NFS does not seem secure.
- SFS seems secure, but it seems to me that because it uses NFS
exports to localhost, a local user could use ssh to forward the NFS
exports to a remote host and access arbitrary files from there; of
course this is no problem when there are no untrusted local users.
- SHFS seems secure, but I have no idea how well it performs.
As for XDMCP and SSH w/ X-forwarding:
- XDMCP seems insecure.
- SSH w/ X11 is secure, but seems to lack the X session flexibility
that XDMCP offers.
So here are my questions:
- Is there a secure NFS alternative I haven't found ?
- Or is there a way to configure NFS/SFS to prevent local users from
forwarding NFS exports to other hosts w/ ssh ?
- Or is SHFS the way to go ?
And:
- Is there a secure XDMCP alternative ?
- Or a way to secure XDMCP ?
Any other suggestions, links to relevant documentation/howto's or
suggestions on how to securely serve files to Windows hosts (w/
Samba?) are welcome as well.
Felix
--
Felix C. Stegerman <flx@hccnet.nl>
"Everyone knows that debugging is twice as hard as writing a program
in the first place. So if you are as clever as you can be when you
write it, how will you ever debug it?" -- B. Kernighan
Reply to: