>The file system protocol from Microsoft (reference Windows95) is called SMB
>(server message block) and can be encapsulated in TCP/IP.
>Notice that this is much more easily controlled because it uses TCP rather than UDP.
It's "easy" to control the use of NBT (NetBIOS over TCP), which SMB
uses, but unless I'm mistaken (will anyone correct me if I'm wrong?? ;)
the same TCP connection is used for things like printer sharing, pop-up
messages, &c. You either let them all through, or none. >:-P
>The big problem IMHO is that the NFS vulnerability interferes with
>selective trust of specific UDP ports because it uses ports indiscriminately.
NFS can use TCP (that's been mentioned, right?). Don't know about its
TCP port usage firsthand, though. Use IPSec, SSL, VPNs, or whatever
(availability will vary) with NFS/TCP, and you overcome some of the
main wide-wooly-internet security issues of NFS. But you'll still be
trusting the remote system to authenticate the user.
--
KH