Great Circle Associates Firewalls
(October 1996)
 


Subject: Re: NFS vs. FTP
From: Christian Kuhtz <kuhtz @ ix . netcom . com>
Date: Thu, 24 Oct 96 13:09:58 -0600
To: "Data Systems Bureau" <lasdsdn @ ix . netcom . com>
Cc: <firewalls @ greatcircle . com>
References: <199610241709 . KAA24651 @ dfw-ix6 . ix . netcom . com>
Reply-to: Christian Kuhtz <kuhtz @ ix . netcom . com>

Hi Fabian:

I must say that the organization you were referring to has a rather strange open door, excuse me, security policy.  You are right to be very uncomfortable with an external organization passing NFS traffic into your network.

One might paraphrase that "other organization's" security policy like this:  In order to prevent break-ins into our building, rather than controlling who has access to the keys, we'll leave the doors out completely and therefore save the worries and hassle about maintaining lists of who has and who doesn't have access to the keys.

IMHO, frankly, the other organization's security policy is bogus and an invitation to hackers.  It's amazing how much fun and delight it can be to compromise security via NFS.  Almost more fun than back-rev Sendmail installations, actually. ;-)

I would be more than happy to supply you with hard evidence instead of my above "appeal to logic".  NFS is not secure, and never will be.  Security was never a primary concern of NFS, more like an "add-on".

Regards,
Chris
