[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Is there a NFS alternative?



At 12:52 PM 2/7/2007, Arthur Pemberton wrote:
>>It was a while ago when I read that NFS was difficult to secure with (the
>>use of) ssh and iptables (or something like that).
>>
>>I really needed an alternative that works and can be made secure.

>> If not, what is the closest thing to NFS?

>Subdue NFS to use only one port, firewall all other ports
>off....possible filter the NFS port too?

That is what I read and I was looking for an alternative to that. Is there
other solution? Or this is the best available solution already?

Well, if you can suggest how the solution could be made better, I or
others can maybe suggest how to implement it.

The only other thing i can think of is have port mapper interface with
iptables in a plug and play type firewall way (or however Windows
refers to it)

At 01:52 PM 2/7/2007, Olivier Galibert wrote:
What is your threat model?  What do you want to be secured against?

  OG.

At 02:04 PM 2/7/2007, Lamont Peterson wrote:
Kerberized NFS, preferably NFS4.

AndrewFS or CodaFS.

Thanks everybody for replying!

I am hoping for a secure solution to mount directories "shared out" from my other computer located remotely over the Internet. So that I can edit source files and execute programs "locally" and compile remotely (a much faster machine).

Whether I go with subdued NFS or NFS4, I will have to secure the communication channels with ssh tunnels and doing it the ad-hoc way (scripted) is a lot of hassles for daily use with connection that can get cut once in a while (daily, for example.)

Without a secure solution, I would just use scp (and possibly develop other solutions to sync files.)

With Fedora Core's iptables policies and selinux, I feel secure leaving computers exposed to the Internet, knowing that I won't ending up suspecting a breach and spending a lot of time dealing with it. It would be regrettable to use a network service (likes NFS without ssh tunnels) that makes me feel uncertain and insecure. The peace of mind is invaluable.

I have at most read about AFS (and used it as an end user in an administered environment) and CodaFS, but don't know if encryption of network communication is built in or integrated. I suspect not. (Haven't done the research yet...)

Is NFS(4) still the best (and easiest-to-use?) solution?

Thanks.


--
Daniel Yek


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]