On Sat, Aug 17, 2002 at 01:38:03PM +0200, Lars O. Grobe wrote:
- Why do people run ftp servers to share files, but tell me that cifs (smb) and appleshare are "insecure" on public networks? Both encrypt passwords... and data is not encrypted in ftp, either (?).
NFS and SMB do not encrypt passwords. NFS by default does not use any authentication at all; it just assumes the uids/gids included in an NFS request can be trusted. So you cannot use NFS (with the default authentication flavor) over untrusted networks. SMB is just slightly better because the client authenticates by transmitting a hashed password. But that's not much better, because this hashed password is what's called clear-text equivalent. Meaning: if an attacker snatches the password, s/he can just send a fake SMB request using this hashed password and will authenticate successfully.

Another issue with NFS and probably SMB as well is that they weren't really designed for long-haul links with large latencies. NFS over anything but a LAN will definitely *crawl*. SMB likewise, despite M$ calling it Common Internet File Sharing (CIFS) nowadays. For WAN file sharing you either need low-tech mechanisms like ssh-copy or rsync, which synchronize entire files or even file trees, or file sharing protocols specifically designed with Internet use in mind, such as AFS, or Coda (there's another one the name of which I keep forgetting; it consists mostly of a small VFS shim for the Linux kernel and a user space portion written in perl). The common denominator of all these protocols is that they use strong authentication, and that they perform a very different sort of caching on the client side than NFS/SMB, and hence perform orders of magnitude better.

Finally, opening your file sharing servers to the Internet is also a bad idea from the vulnerability perspective. NFS servers are complex beasts, and SMB even more so; if there's any bug left in one of them, you give attackers remote root access to your server and all its files.
- If I really install a second external file server, what about linking it into the internal one? So I could create a subdir "internet_box" in users' home dirs, pointing to their nfs-mounted directories on the external server. So they could decide to make their files internet-accessible or not (some will have all their data on the external server, while seeing only one file server, while others who only work from university network won't use this directory at all). What about this scenario?
That's a reasonable approach for separating data. That still leaves you with the question of authentication/performance wrt the external file server, but you're one step closer now.

Olaf
-- 
Olaf Kirch     |  Anyone who has had to work with X.509 has probably
okir@suse.de   |  experienced what can best be described as
---------------+  ISO water torture. -- Peter Gutmann
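
Added example, not part of the original message: the reply's point about NFS's default authentication flavor, shown by decoding the credential in an ONC RPC call header (layout per RFC 5531) and flagging flavors where the uid/gid are simply asserted by the client. The function names and the sample packet are constructed for illustration.

```python
import struct

AUTH_NONE, AUTH_SYS, RPCSEC_GSS = 0, 1, 6  # ONC RPC auth flavors (RFC 5531)
NFS_PROGRAM = 100003

def _u32(buf, off):
    return struct.unpack_from(">I", buf, off)[0], off + 4

def _opaque(buf, off):
    # XDR variable-length opaque: length word, data, zero padding to 4 bytes
    n, off = _u32(buf, off)
    if off + n > len(buf):
        raise ValueError("truncated XDR opaque")
    return buf[off:off + n], off + ((n + 3) & ~3)

def parse_call(msg):
    """Parse an ONC RPC call header (record marker already stripped)."""
    xid, mtype, rpcvers, prog, vers, proc = struct.unpack_from(">6I", msg, 0)
    if mtype != 0 or rpcvers != 2:
        raise ValueError("not an RPC version 2 call")
    flavor, off = _u32(msg, 24)
    body, off = _opaque(msg, off)
    info = {"prog": prog, "proc": proc, "flavor": flavor}
    if flavor == AUTH_SYS:
        _stamp, p = _u32(body, 0)
        host, p = _opaque(body, p)
        uid, p = _u32(body, p)
        gid, p = _u32(body, p)
        ngids, p = _u32(body, p)
        if ngids > 16:
            raise ValueError("AUTH_SYS allows at most 16 supplementary gids")
        gids = list(struct.unpack_from(">%dI" % ngids, body, p))
        info.update(host=host.decode("ascii", "replace"), uid=uid, gid=gid, gids=gids)
    # AUTH_NONE and AUTH_SYS carry no proof of identity; the server just believes them
    info["client_asserted"] = flavor in (AUTH_NONE, AUTH_SYS)
    return info

def sample_call(flavor=AUTH_SYS):
    # Constructed sample: NFSv3 GETATTR header from host "ws1", uid 1000, gid 100
    cred = struct.pack(">II4sIII1I", 0, 3, b"ws1\0", 1000, 100, 1, 100)
    head = struct.pack(">6I", 0x1234, 0, 2, NFS_PROGRAM, 3, 1)
    return head + struct.pack(">II", flavor, len(cred)) + cred + struct.pack(">II", AUTH_NONE, 0)

if __name__ == "__main__":
    print(parse_call(sample_call()))
```

The AUTH_SYS credential body holds only a stamp, a host name and numeric ids, and the verifier that follows it is empty, so nothing in the request lets the server check that the sender really is that uid.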