local development server and mapping drives
Jason Clinton
me at jasonclinton.com
Fri Apr 29 14:34:48 CDT 2005
On Friday 29 April 2005 14:03, Bill Cavalieri wrote:
> While nfs not the solution you needed for your setup. I have nfs in many
> locations, never had any security problems. Its not the best remote
> filesystem (defaults to udp among other things), but certainly quieter than
> using smb/cifs on the network.
I chose NFS for those locations because it was the simplest to implement and
ensured that no unexpected permissions issues would be introduced by having
the added Windows compatibility that we didn't need for those servers -- not
for bandwidth reasons. NFS is much larger than SMB/CIFS because every single
IO request made by an application is passed over the network verbatim to the
destination server where it is interpreted as being made by a local
application. Literally, every single request that any app might make of a
file system goes over the wire without modification.
NFS is extremely insecure but still usable in places where security
requirements are very low. There is a non-standard version of NFS out there
that supports public key authentication and encryption however, as far as I
know, it's not available in Vanilla distro installations. NFS is vulnerable
in three big ways:
* no authentication
* everything is sent over the wire with absolutely no encryption
* where the server is configured to only allow root clients from certain
'trusted' IP addresses, a simple ARP poison will allow root access to that
share from anywhere on the network
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://kclug.org/pipermail/kclug/attachments/20050429/22de2040/attachment-0001.pgp
More information about the Kclug
mailing list