Security Basics mailing list archives

Re: Secure NFS

From: Gene Yoo <gyoo () attbi com>
Date: Mon, 24 Feb 2003 09:03:34 -0800

Peet Grobler wrote:

I've been wondering about this for a while now...

Everybody knows NFS is insecure. Right. So no-one uses it. Why not simply modify NFS to use encryption? Why not?

Not tunneling, modify the source to either (a) establish ssl connections, or (b) manually encrypt all traffic (I would 
prefer this
one).

I'd say, for added security, don't use any public-key exchange. Have a configuration file in which you can specify, 
say, 6 keys,
which will dynamically be changed on-the-fly.

If you're interested in such a solution (any one of the above), let me know. I could probably hack it together this 
weekend, and
provide you with a patch. I have been meaning to do this, for the experience. I know how to do it, just never did it, 
since no-one
would use it :)

Lemme Know,
Peet

-----Original Message-----
From: slaanesh () netcourrier com [mailto:slaanesh () netcourrier com]
Sent: 20 February 2003 07:17
To: security-basics () securityfocus com
Subject: Secure NFS


Hello all,

I would like to set up a secure NFS in my network. However, I really would like not to have to install portmap deamon 
on my server
as I don't trust it anymore. Moreover, I would like all the network trafic to be encrypted.
I naturally turn myself to SFS server and clients but it doesn't fit my needs. I want a secure exportable file system 
that I could
add to my /etc/fstab file so it could be mounted at boot time (to store users' home directory for instance).
I know there is a way for tunnelling NFS with SSH but it seems too experimental for production...

So what should I do to resolve this problem ?

Slaanesh


<snip>

you should look into SFS (self-certifying file system) -> fs.org. thistopic has been out for some time and i believe you could search thisthrough sage or usenix dot org.



--
<<gyoo [at] attbi [dot] com>>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iQCUAwUBPhxERRxoVYCzmrKXAQJK5gP3Y7CTsFyKpEz2p5W4GWI9+qSm+kWfdJ0R
xNlma0Ma9rAL/OBJcZMo5IXyXas+3Edogbv4Al6dIf8lot1WS0Iaxxl/cg2f7gf+
otf7LfNpZDE/6OzR7A1qN6baPMLSjGzywwQWMfSVuWWb6kGQxMsA13Kn68G7Ozxs
5CODZqUPyg==
=AolA
-----END PGP SIGNATURE-----

Current thread:

Secure NFS slaanesh (Feb 20)
- RE: Secure NFS Peet Grobler (Feb 22)
  - Re: Secure NFS Gene Yoo (Feb 24)
  - Re: Secure NFS Barry Irwin (Feb 27)
    - Re: Secure NFS Michael Osten (Feb 28)
    - Re: Secure NFS Bear Giles (Feb 28)