Security Basics mailing list archives

Re: Secure NFS

From: "Barry Irwin" <bvi () itouchlabs com>
Date: Thu, 27 Feb 2003 09:28:39 +0200

another option would be to run NFS over a transport layer encryption like
IPSEC.  IPSEC is becomming more ame more widly supported and so shouldnt
really be a problem.   The only concern tho is that any kind of encryption
will add additional load onto the systems.  This can be mitigated by careful
selection of the type of encryption, as well as additional hardware if
neccessary.

I prefer this solution as it builds on existing tech rather than adding in
bits and pieces to Daemons, which could raise compatability issues.

Barry


--
Barry Irwin         bvi () itouchlabs com                    Tel:
+27214875178
Systems Administrator: Networks And Security
iTouch TAS      http://www.itouchlabs.com         Mobile: +27824457210


----- Original Message -----
From: "Peet Grobler" <peetgr () absa co za>
To: <slaanesh () netcourrier com>; <security-basics () securityfocus com>
Sent: Friday, February 21, 2003 7:09 AM
Subject: RE: Secure NFS


I've been wondering about this for a while now...

Everybody knows NFS is insecure. Right. So no-one uses it. Why not simply
modify NFS to use encryption? Why not?

Not tunneling, modify the source to either (a) establish ssl connections, or
(b) manually encrypt all traffic (I would prefer this
one).

Current thread:

Secure NFS slaanesh (Feb 20)
- RE: Secure NFS Peet Grobler (Feb 22)
  - Re: Secure NFS Gene Yoo (Feb 24)
  - Re: Secure NFS Barry Irwin (Feb 27)
    - Re: Secure NFS Michael Osten (Feb 28)
    - Re: Secure NFS Bear Giles (Feb 28)