On Mon, 5 Jan 2004, Brett Carrington wrote:

> On Mon, Jan 05, 2004 at 09:14:27PM -0500, Mark Roach wrote:
> > > This might be encrypted, but hardly secure, for instance if user A has
> > > physical access to NFS client
> > > and user B has physical access to nfs client, what prevents user A from
> > > accessing user B's files through VPN?
> >
> > File permissions.

won't help ... the user has access to their files on the other end

> Even so, you'd have this problem with or without an IPSec VPN. The VPN's
> job, in this case, is lower-layer encryption. File systems on your
> host/NFS Client are out of the spectrum of what a VPN can do. A VPN is
> only going to protect your data from snoopers of NFS packets.

"maybe"

places where the cracker can see your "credit card" ( sensitive data )
  - while you're away from your desk
  - while it's still in netscape cache
  - in transit to the webstore
  - while it's in memory (-- you've got bigger problems --)
  - vpn/ssh snooping of the wire (-- you've got bigger problems --)
    - from your home network ssh'd/vpn'd into the corp lan
  - trash can

- i think the major comment, was what if the dude just sits at the
  terminal while you're away ..

  - encrypted traffic or encrypted fs will not prevent the cracker
    from seeing the "good data" they're not supposed to have seen

  - always passwd protect your screen and always use different
    passwds for each pc

"encryption" is still useless if you use ez 2 remember pass phrase
or words from the dictionary or common phrases and "misstyped" passwds ..
or written down on a piece of paper that is easy to find on the
keyboard, monitor, mousepad, drawers, rolodex, bookmarkers, ...

  - it's even more trivial to go snooping if you use passwdless logins

- allowing nfs just makes all the snooping easier ... too many old holes
  - that may or may not be patched

nfs --> "Not For Security"

setting up and properly running a "secure nfs" is a whole other ballgame

c ya
alvin