local development server and mapping drives
Jack
quiet_celt at yahoo.com
Fri Apr 29 16:28:45 CDT 2005
--- Jason Clinton <me at jasonclinton.com> wrote:
> On Friday 29 April 2005 14:03, Bill Cavalieri wrote:
> > While nfs not the solution you needed for your
> setup. I have nfs in many
> > locations, never had any security problems. Its
> not the best remote
> > filesystem (defaults to udp among other things),
> but certainly quieter than
> > using smb/cifs on the network.
>
> I chose NFS for those locations because it was the
> simplest to implement and
> ensured that no unexpected permissions issues would
> be introduced by having
> ...
> NFS is extremely insecure but still usable in places
> where security
> requirements are very low.
> ... NFS is vulnerable
> in three big ways:
>
> * no authentication
> * everything is sent over the wire with absolutely
> no encryption
> * where the server is configured to only allow root
> clients from certain
> 'trusted' IP addresses, a simple ARP poison will
> allow root access to that
> share from anywhere on the network
That is my concern. While the system is going to be
internal and I will add host based firewalling (thanks
for the suggestion D.) and everything is behind a
firewall, the data on some of the boxes will or may be
sensitive and belongs ultimately to my customers.
While I keep the truly most sensitive information
locked up, I take security seriously. What my
customers do with it after it leaves my systems is
their perogotive, but I won't expose them anymore than
I have to. It may be a paranoid approach, but I feel
it is the responsible approach.
Brian D.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the Kclug
mailing list