The one problem with an encapsulated file share (either NFS or samba) is that it sets up a permanent link between your server segment and your internal network. Granted it is encrypted, but any breach of your server provides a sub directory where trojans can be left to become visible on your internal network.
The advantage of the SCP solution over this is that there is no long term connection. Each transfer is for the wanted data and that data only. This lessens the risk of cracker monitoring traffic on the share and the channel between internal and server segment is not available unless you are actually transferring data (although such connections could be built from SSH/NFS with some scripts). SCP and NFS tunneling under SSH use the same basic encryption methodology so there is no difference in cryptographic strength. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Josh Welch Sent: Fri February 15 2002 09:27 To: [EMAIL PROTECTED] Subject: RE: Moving data through a firewall <snip> This is probably what we'll end up doing. However, after my post I cam across an article on using ssh and TCP NFS to implement a "secure NFS", here's a link to the article, http://www.samag.com/documents/s=4072/sam0203d/sam0203d.htm. I was wondering if anyone had looked at or implemented this, and what their opinion of it was. Thanks, Josh _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
