On Mon, 2004-01-05 at 21:25, Brett Carrington wrote: > On Mon, Jan 05, 2004 at 09:14:27PM -0500, Mark Roach wrote: > > > This might be encrypted, but hardly secure, for instance if user A has > > > physical access to NFS client > > > and user B has physical access to nfs client, what prevents user A from > > > accessing user B's files through VPN? > > > > File permissions. > > > > Even so, you'd have this problem with or without an IPSec VPN. The VPN's > job, in this case, is lower-layer encryption. File systems on your > host/NFS Client are out of the spectrum of what a VPN can do. A VPN is > only going to protect your data from snoopers of NFS packets.
Right, which is why I pointed to file permissions instead of the VPN as the protecting factor here. I don't really know what Rohit was suggesting as an alternative, but if he thinks there is any security mechanism that can protect against all attacks regardless of whether the attacker has root, he is mistaken. <rant>At some point there has to exist a status of "trusted." Unless you want to lock your computer in a vault, set bios and lilo passwords, buy a van-eck cage, and carry your keyboard with you at all times, you are probably better off protecting yourself from the class of attackers who pose an actual (plausible) threat.</rant> -- Mark Roach -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]