Home page logo

basics logo Security Basics mailing list archives

Re: Secure NFS
From: Bear Giles <bgiles () coyotesong com>
Date: Thu, 27 Feb 2003 11:09:29 -0700

 > I've been wondering about this for a while now...

Everybody knows NFS is insecure. Right. So no-one uses it. Why not simply
modify NFS to use encryption? Why not?

Not tunneling, modify the source to either (a) establish ssl connections, or
(b) manually encrypt all traffic (I would prefer this

(I'm coming in late, so maybe this has already been mentioned.)

Standard NFS is built on top of standard RPC, and the latter is insecure because almost all sites support "unix authentication" at best. That's user-id based, trivially forged by anyone with root access.

But RPC is an extensible protocol and there are a number of secure alternatives to Unix authentication. RPC-DES has been around for years, and RPC-GSSAPI (Kerberos) almost as long. I don't recall seeing RPC-PKIX (SSL), but it's an obvious extension. Use any of these, and truly secure NFS falls out of it. All you have to do is make a trivial change to the NFS client and server to require the secure alternative, plus whatever changes you need to access the new authentication objects.

The latter has been the killer. It's not impossible - SecureNFS and SecureRPC (using DES) have been on the market for years - but it requires a nontrivial amount of work to set up. The traditional Unix vendors could afford the investment, but the OSS community largely (and falsely) believes that SSH tunnels eliminate the need for this. SSH tunnels might work great when connecting a handful of systems, but it doesn't scale well.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]