Security Basics mailing list archives
Re: shared home directory placement
From: Mike Lococo <mike.lococo () nyu edu>
Date: Mon, 07 Jan 2008 17:02:25 -0500
Jason wrote:
> Excellent response, thank you very much! I'm actually in a rare situation where I don't have to worry about legacy systems, so I was shooting for NFSv4 and all Linux/Solaris 10 hosts.
Then none of my previous response applies to you, since NFSv4 is both firewallable and has sane authentication which is enforced by the server (not the client).
As to your original question about whether you should leave your NFS server in the trusted zone or move it to a new zone, you should decouple the question of zoning from your NFS project. Make an asset classification scheme, create the number of zones needed to provide security partitioning between them, and put your NFS server in the zone where it belongs. In simple cases you often end up with:
- a client/workstation network
- a low-security server network (the DMZ)
- a high-security server network (the DB/backend/internal network)

But jumping to the above technical implementation without doing the work of understanding your asset categories is quite likely to leave you with an infrastructure that is ill-suited to your partitioning needs.
As always, YMMV.
Thanks,
Mike Lococo