On Sunday 23 December 2007 18:17:54 Aaron Kulkis wrote:
primm wrote:
> NFS is kind of ugly itself, don't you think?
Ugly? Naah! It's soooo neat. With nis and nfs anyone can login anywhere and get their own files and start work right after they've got a coffee. It just works. Just like NT server before someone downloded a virus.
Well, I guess if someone else is configuring and maintaining it, sure, it's wonderful.
I setup an nfs server to export /home to 5 other clients. The same server handles nis logins. No eggageration, it took me 1/2 hour most of which was reading man exports until I discovered that Yast had read it for me already! I'll bet that some gurus on this list could do it in 5.
Just curious, but what are my alternatives for nfs? Love from L
nfs is good, it mostly just works. But v3 has drawbacks in security, so if you're not in total control of the network, it might not be so good
nfsv4 + kerberos can provide real authentication and encryption though, so you still don't have to abandon nfs
4 years ago it cost me two days work and a 300 Euro installation cost from an engineer who also sold me the licences for my workstations. That was w2000.
Wow....that's pathetically sad.
It was plagued by viruses and most of my hardware wan't recognised so I had to fork out for new machines too. 5000 Euros later.
I'm now reading that Linux nfs which I installed by yast all by myself is also a security risk. But for gads sake, it's been up for 6 months with my staff reading e-mails and chatting to and from their latest boyfriends all through the lunch break. I use SuSEfirewall2. Setup by Yast.
Yes, NFS is a security risk -- but as you have also discovered, it's a very small one....substantially lower risk than any Windows machine just being ON the internet.
What a mess. I can't afford to go back to commercial products at the moment. Other people have told me that I have no alternatives. . . What the ???? is nfsv4 + kerberos? Yes, I know I can google it. I just have. But tomorrow morining I'll be back at work and I've a date this evening.
If I were you, I wouldn't lose any sleep over it. NFS has been in use for a good 20 years now, and I know of no ACTUAL exploitations of the flaws in NFS.
It doesn't mean that they aren't there...it just means that nobody has successfully taken advantage of them.
The fact that major corporations like GM and Ford continue to use NFS to this very day, without demanding a more secure product from Unix vendors (Sun, HP, etc) tells me that the risk is controllable to a level which is acceptable.
Firewalls play a big part in that equation, and you say you use them, so you should be OK.
It's at times like these I wish I'd stayed with my Microsoft rep.
Do I change my network back to Windows 2000? I'm not a hobbyist. Can anyone advise me in plain English o Español? Please, if you do not run a network then please do not write.
You're fine. Stick with what you have.
It's very easy for some spammer on the other side of the planet to hijack your Windows machines -- all he has to do is set up a website designed to be an attractive nuisance -- like post a video that everyone wants to watch...and on the same page, load up a script into your Windows machine that imports a virus or whatever remote-control mechanism they want to use.
Love from Primm xx
Oh thank gad. Sense at last. Thank ?*%k for that. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org