- Comments: Gated by NETNEWS@AUVM.AMERICAN.EDU
- Path: sparky!uunet!paladin.american.edu!auvm!TEST.ARTS.SFU.CA!STEPHANE=BOURQUE
- Message-ID: <9301251157.AA18037@whistler.sfu.ca>
- Newsgroups: bit.listserv.banyan-l
- Date: Sat, 23 Jan 1993 09:50:30 PST
- Sender: Banyan Networks Discussion List <BANYAN-L@AKRONVM.BITNET>
- From: Stephane=Bourque%Eng%Incognito@TEST.ARTS.SFU.CA
- Subject: re: NFS pros & cons
- Lines: 37
-
- Mike...
-
- One of the security problems with NFS is that it relies on UID/GID
- in order to grant security access rights. This UID/GID is sent
- with every NFS request to the NFS Server. This assumes you have
- control over ALL UID/GIDs and you are pretty good at keeping
- intruders out of your net.
-
- If someone creates a UID/GID on another box and later inserts that
- box on your net, they could potentially have the same UID/GID as
- someone else and therefore be granted the same access rights. This
- is very easy to do...there is no duplicate UID/GID (equivalent of
- a StreetTalk name) check on such a net.
-
- There are ways to enable NFS so it is more secure...but this is not
- supported on all platforms/clients.
-
- What we have had to add here at Incognito is the IP on top of all
- other things. So now you have UID/GID/IP to validate before any
- access. That cuts down almost all security holes.
-
- Pros...NFS lets you give access at any level of a file system using
- the exports file. This means that if I do not want people to access
- info on this disk, I just don't have an exports file. But if
- you make a mistake in that file, you could be giving `carte blanche'
- to anyone on the net to get at your files!
-
- NFS is so nice because it is supported on so many platforms. It is
- never as secure as VINES is. It offers `good' security while I
- would qualify VINES as `excellent'.
-
- If you have any other questions about NFS, you can send them to me
- directly.
-
- Thanks
- Stephane Bourque
- Incognito Software Inc.
-
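
The exports-file mistake described in the message above can be checked for mechanically. The following is an added example, not part of the original post or of any Incognito tooling; it assumes Linux exports(5) syntax, and the sample file, `audit_exports` and its finding labels are constructed for illustration.

```python
import re

# Constructed sample in Linux exports(5) syntax (an assumption; the post names no syntax).
SAMPLE_EXPORTS = """\
/srv/projects  192.0.2.10(rw,sync) 192.0.2.11(ro)
/srv/home      192.0.2.0/24 (rw)
/srv/scratch   *(rw,no_root_squash)
/srv/pub
"""

TOKEN = re.compile(r"([^()]*)(?:\(([^()]*)\))?")  # "host(opts)", "host" or "(opts)"


def audit_exports(text):
    """Return (line_no, path, finding) tuples for export lines that widen access."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        path, clients = fields[0], fields[1:]
        if not clients:
            # Conservative assumption: no client list means every host may mount.
            findings.append((line_no, path, "no client list"))
        for token in clients:
            match = TOKEN.fullmatch(token)
            if match is None:
                findings.append((line_no, path, "unparseable client: " + token))
                continue
            host = match.group(1)
            opts = set(filter(None, (match.group(2) or "").split(",")))
            if host == "":
                # "host (rw)" with a stray space: the options bind to an empty
                # client, i.e. everyone, not to the host written before them.
                findings.append((line_no, path, "options with no host"))
            elif host == "*":
                findings.append((line_no, path, "wildcard host"))
            if "no_root_squash" in opts:
                # The client's UID 0 is accepted as root on the server.
                findings.append((line_no, path, "no_root_squash"))
    return findings


if __name__ == "__main__":
    for line_no, path, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"line {line_no}: {path}: {finding}")
```

Only the first sample line passes cleanly: every client on it is a named address with its own options, which is the UID/GID plus IP restriction the message describes.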