Security Basics mailing list archives
Re: Secure NFS
From: Gene Yoo <gyoo () attbi com>
Date: Mon, 24 Feb 2003 09:03:34 -0800
Peet Grobler wrote:
I've been wondering about this for a while now... Everybody knows NFS is insecure. Right. So no-one uses it. Why not simply modify NFS to use encryption? Why not? Not tunneling, modify the source to either (a) establish ssl connections, or (b) manually encrypt all traffic (I would prefer this one). I'd say, for added security, don't use any public-key exchange. Have a configuration file in which you can specify, say, 6 keys, which will dynamically be changed on-the-fly. If you're interested in such a solution (any one of the above), let me know. I could probably hack it together this weekend, and provide you with a patch. I have been meaning to do this, for the experience. I know how to do it, just never did it, since no-one would use it :) Lemme Know, Peet -----Original Message----- From: slaanesh () netcourrier com [mailto:slaanesh () netcourrier com] Sent: 20 February 2003 07:17 To: security-basics () securityfocus com Subject: Secure NFS Hello all, I would like to set up a secure NFS in my network. However, I really would like not to have to install portmap deamon on my server as I don't trust it anymore. Moreover, I would like all the network trafic to be encrypted. I naturally turn myself to SFS server and clients but it doesn't fit my needs. I want a secure exportable file system that I could add to my /etc/fstab file so it could be mounted at boot time (to store users' home directory for instance). I know there is a way for tunnelling NFS with SSH but it seems too experimental for production... So what should I do to resolve this problem ? Slaanesh
<snip>you should look into SFS (self-certifying file system) -> fs.org. this topic has been out for some time and i believe you could search this through sage or usenix dot org.
-- <<gyoo [at] attbi [dot] com>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iQCUAwUBPhxERRxoVYCzmrKXAQJK5gP3Y7CTsFyKpEz2p5W4GWI9+qSm+kWfdJ0R xNlma0Ma9rAL/OBJcZMo5IXyXas+3Edogbv4Al6dIf8lot1WS0Iaxxl/cg2f7gf+ otf7LfNpZDE/6OzR7A1qN6baPMLSjGzywwQWMfSVuWWb6kGQxMsA13Kn68G7Ozxs 5CODZqUPyg== =AolA -----END PGP SIGNATURE-----
Current thread:
- Secure NFS slaanesh (Feb 20)
- RE: Secure NFS Peet Grobler (Feb 22)
- Re: Secure NFS Gene Yoo (Feb 24)
- Re: Secure NFS Barry Irwin (Feb 27)
- Re: Secure NFS Michael Osten (Feb 28)
- Re: Secure NFS Bear Giles (Feb 28)
- RE: Secure NFS Peet Grobler (Feb 22)