Payne, Steve writes:
>The reason wide are mounts are bad is because of several cases.
>I'll list a few, maybe some one else can add to these.
> 1. Security, there is no real security based on the
> protocols (RPC over UDP's).
> 2. Authentication, there is an authentication mechanism, (pcnfsd)
> however the true authentication is at the ip level, in that the
> workstation ip address is used for access, this can be defeated.
Both of these can be addressed by a user-space NFS server. You can
use the server at ftp://ftp.quick.com.au/pub/security/unfs/
to force TCP based NFS without portmaper and authenticating via the
TIS auth server.
> 3. The reason I say bad for wide are mounts is IP_SPOOFING
> If IP_SPOOFING is not checked at the main router coming in
> to the net then an attack can be launched by spoofing a true
> ip address on the internal net.
Crypto is the best bet for this. The next release of unfs (actually
I'll be changing the name to snfs as unfs is the name of a Linux
project) will be able to use SSL as its transport.
> 4. Stateless server, critical applications for clients can fail if the
> server goes down.
Sadly, requiring challenge/response for mounting makes this situation
much worse. The SSL based server should be better.
--sjg
Follow-Ups:
References:
|
|
