--- Jason Clinton [email protected] wrote:
On Friday 29 April 2005 14:03, Bill Cavalieri wrote:
While nfs is not the solution you needed for your setup, I have nfs in many locations, never had any security problems. It's not the best remote filesystem (defaults to udp among other things), but certainly quieter than using smb/cifs on the network.
I chose NFS for those locations because it was the simplest to implement and ensured that no unexpected permissions issues would be introduced by having ... NFS is extremely insecure but still usable in places where security requirements are very low. ... NFS is vulnerable in three big ways:
- no authentication
- everything is sent over the wire with absolutely no encryption
- where the server is configured to only allow root clients from certain 'trusted' IP addresses, a simple ARP poison will allow root access to that share from anywhere on the network
That is my concern. While the system is going to be internal and I will add host-based firewalling (thanks for the suggestion D.) and everything is behind a firewall, the data on some of the boxes will or may be sensitive and belongs ultimately to my customers. While I keep the truly most sensitive information locked up, I take security seriously. What my customers do with it after it leaves my systems is their prerogative, but I won't expose them any more than I have to. It may be a paranoid approach, but I feel it is the responsible approach.
Brian D.
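The three weaknesses listed in the thread map onto settings that can be checked in a server's exports file. The following is an added example, not part of the original messages: a small audit of exports(5) syntax that flags AUTH_SYS exports (no authentication), exports that permit any flavor other than krb5p (no encryption), and no_root_squash granted to a client identified only by address. The sample file, its paths and its addresses are constructed, and default-option (`-opts`) entries and line continuations are not handled.

```python
import re

# Constructed sample in exports(5) syntax; paths and addresses are made up.
SAMPLE_EXPORTS = """\
# /etc/exports (constructed example)
/srv/build   192.0.2.10(rw,no_root_squash) 192.0.2.0/24(ro)
/srv/home    *.example.org(rw,sec=krb5p)
/srv/reports 192.0.2.20(rw,sec=krb5)
/srv/pub     *(ro)
"""

# One client entry: a host/network/wildcard, optionally followed by (options).
CLIENT_RE = re.compile(r"([^\s()]+)(?:\(([^)]*)\))?")


def audit_exports(text):
    """Return (path, client, finding) tuples for the weaknesses named above."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        path, rest = parts[0], parts[1] if len(parts) > 1 else ""
        for client, optstr in CLIENT_RE.findall(rest):
            opts = [o.strip() for o in optstr.split(",") if o.strip()]
            flavors = ["sys"]  # exports(5) default when sec= is absent
            for opt in opts:
                if opt.startswith("sec="):
                    flavors = opt[4:].split(":")
            # AUTH_SYS: the server believes whatever uid/gid the client sends.
            if "sys" in flavors:
                findings.append((path, client, "no-auth"))
            # Only krb5p encrypts traffic; krb5 and krb5i leave data readable.
            if any(f != "krb5p" for f in flavors):
                findings.append((path, client, "no-encryption"))
            # Root is trusted purely because of the client's address.
            if "no_root_squash" in opts and "sys" in flavors:
                findings.append((path, client, "root-by-ip"))
    return findings


if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:13} {client:16} {finding}")
```
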