Re: Securing NSF

Larry J. Hughes Jr. (larry@nwnet.net)
Thu, 2 Jan 1997 16:53:48 -0800 (PST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Markus H|bner: "Security & Hackerscene site"
Previous message: John D. Pritchard: "Re: Securing NSF"
In reply to: Jas: "Re: Securing NSF"
Next in thread: Alexander O. Yuriev: "Re: Securing NSF"

> try SecureNFS or Kerberos NFS
[snip]

They're both minor improvements over vanilla NFS, but be aware of their
limitations.

Secure NFS uses Secure RPC (i.e. AUTH_DES authentication), which is based
on a 192-bit Diffie-Hellman modulus -- small enough to be cryptanalyzed.
(I think there's even a crack program for it.)

Kerberos NFS, at least of the MIT variety (is there another?),
authenticates only the mount, not filesystem I/O.  Trouble is, you can
altogether bypass mounts with NFS, and go right to the I/O, if you know, 
sniff, or can guess the filehandle.

---
Larry J. Hughes Jr.    larry@nwnet.net     http://www.nwnet.net/~larry/

Next message: Markus H|bner: "Security & Hackerscene site"
Previous message: John D. Pritchard: "Re: Securing NSF"
In reply to: Jas: "Re: Securing NSF"
Next in thread: Alexander O. Yuriev: "Re: Securing NSF"