Fileserver access from public networks?
Hi! I have some questions about how to understand the usual security advice regarding file services and public networks.

The usual scenario is a lan, with the internal servers (e.g. the file server), secured by firewall solutions, a dmz, with external servers like www or ftp, also secured with a firewall. Everybody tells you: isolate the fileserver from public networks, don't use smb or appleshare across the internet. Ok. But we have the following scenario: we are at university here, students want to access data from the internet. So there must be some kind of internet access to the file server.

Here are my questions:

- Why do people run ftp servers to share files, but tell me that cifs(smb) and appleshare are "insecure" on public networks. Both encrypt passwords... and data is not encrypted in ftp, too (?). It is much simpler for users to use the same protocol (smb/appleshare) in university networks and at home (and ftp doesn't keep type and creator information important for the mac-clients).

- I don't want to have one external server and one internal. I'm almost sure that just the file I need when connecting from the outside will always be on the internal server then ;-), and how to explain to our users that they have one account, but are to store data on two file servers... Is it the only solution to have one internal and one external file server, not connected?

- If I really install a second external file server, what about linking it into the internal one? So I could create a subdir "internet_box" in users' home dirs, pointing to their nfs-mounted directories on the external server. So they could decide to make their files internet-accessible or not (some will have all their data on the external server, while seeing only one file server, while others who only work from university network won't use this directory at all). What about this scenario?

How do you implement such installations?
We are going to expand our students' computer lab soon, and I want to have a clear structure of servers and networks before. Thank You, CU, Lars. www.rechnerpool.com
On Sat, Aug 17, 2002 at 01:38:03PM +0200, Lars O. Grobe wrote:
> - Why do people run ftp servers to share files, but tell me that cifs(smb) and appleshare are "insecure" on public networks. Both encrypt passwords... and data is not encrypted in ftp, too (?).
NFS and SMB do not encrypt passwords. NFS by default does not use any authentication at all; it just assumes the uids/gids included in an NFS request can be trusted. So you cannot use NFS (with the default authentication flavor) over untrusted networks.

SMB is just slightly better because the client authenticates by transmitting a hashed password. But that's not much better, because this hashed password is what's called clear-text equivalent. Meaning: if an attacker snatches the password, s/he can just send a fake SMB request using this hashed password and will authenticate successfully.

Another issue with NFS and probably SMB as well is that they weren't really designed for long-haul links with large latencies. NFS over anything but a LAN will definitely *crawl*. SMB likewise, despite M$ calling it Common Internet File Sharing (CIFS) nowadays.

For WAN file sharing you either need low-tech mechanisms like ssh-copy or rsync, which synchronize entire files or even file trees, or file sharing protocols specifically designed with Internet use in mind, such as AFS, or Coda (there's another one the name of which I keep forgetting; it consists mostly of a small VFS shim for the Linux kernel and a user space portion written in perl). The common denominator of all these protocols is that they use strong authentication, and that they perform a very different sort of caching on the client side than NFS/SMB, and hence perform orders of magnitude better.

Finally, opening your file sharing servers to the Internet is also a bad idea from the vulnerability perspective. NFS servers are complex beasts, and SMB even more so; if there's any bug left in one of them, you give attackers remote root access to your server and all its files.
> - If I really install a second external file server, what about linking it into the internal one? So I could create a subdir "internet_box" in users' home dirs, pointing to their nfs-mounted directories on the external server. So they could decide to make their files internet-accessible or not (some will have all their data on the external server, while seeing only one file server, while others who only work from university network won't use this directory at all). What about this scenario?
That's a reasonable approach for separating data. That still leaves you with the question of authentication/performance wrt the external file server, but you're one step closer now.

Olaf
--
Olaf Kirch     |  Anyone who has had to work with X.509 has probably
okir@suse.de   |  experienced what can best be described as
---------------+  ISO water torture. -- Peter Gutmann
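Added example, not part of the original thread: a small audit of an NFS exports file for the default-flavor problem described in the reply above, relevant when the external server's directories are NFS-mounted into the internal one. It assumes Linux exports(5) syntax, where an entry without `sec=` falls back to `sys` (AUTH_SYS); the sample paths and hosts are constructed.

```python
import re

# Constructed sample in Linux exports(5) syntax; paths and hosts are made up.
SAMPLE_EXPORTS = """\
# home directories for the lab
/export/home      10.20.0.0/16(rw,sync)
/export/inetbox   *(rw,sync,no_root_squash)
/export/secure    *.lab.example.edu(rw,sec=krb5p)
/export/mixed     10.20.0.0/16(rw,sec=krb5i:sys)
"""

EXPLAIN = {
    "auth_sys": "AUTH_SYS accepted: uid/gid sent by the client are trusted as-is",
    "world": "exported to any host",
    "no_root_squash": "remote uid 0 is not remapped to an unprivileged user",
}
WORLD = {"*", "", "0.0.0.0/0", "::/0"}
ENTRY = re.compile(r"^([^()\s]*)(?:\(([^)]*)\))?$")  # client(opt,opt,...)

def audit_exports(text):
    """Return (path, client, code) for each risky entry.

    Simplification: default-option groups (-opts) and backslash line
    continuations are not handled.
    """
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *entries = line.split()
        for entry in entries:
            m = ENTRY.match(entry)
            if not m:
                continue
            client = m.group(1)
            opts = [o.strip() for o in (m.group(2) or "").split(",") if o.strip()]
            flavors = [f for o in opts if o.startswith("sec=") for f in o[4:].split(":")]
            if not flavors:
                flavors = ["sys"]  # exports(5) default when sec= is absent
            if "sys" in flavors:
                findings.append((path, client, "auth_sys"))
            if client in WORLD:
                findings.append((path, client, "world"))
            if "no_root_squash" in opts:
                findings.append((path, client, "no_root_squash"))
    return findings

if __name__ == "__main__":
    for path, client, code in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {client or '(any)'}: {EXPLAIN[code]}")
```

An export that lists `sys` next to a Kerberos flavor is still flagged, because a client can choose the weaker flavor.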