Re: Is there any encrypted or secure NFS?

2004-01-08 Thread Paul Smith
%% Mark Roach <[EMAIL PROTECTED]> writes:

  mr> Yup. Install a key-sniffer, wait for the victim to unwittingly
  mr> type his password.

  >> Why would I type my password on your box?  I would never do that,
  >> that's not how Kerberos works.

  mr> Yes it is. It is not how something like RSA securids, or
  mr> CryptoCards work, but kerberos does not automatically mean one of
  mr> those will be in use.

Kerberos is a network authentication protocol designed around secret key
cryptography.  No one would go to the trouble of implementing Kerberos,
just to continue to type passwords on all the remote boxes!

  mr> it doesn't send the password over the network, it does require the
  mr> password to be typed.

Yes, on the local system.

  mr> (I think you missed the original question. Having root on _your_
  mr> box is the given that we are assuming.)

I guess I must have: this requirement is obviously silly.  Unless you go
into something like the Hurd, or maybe NSA Linux could do this.

  mr> Hmm, I don't even give my users the "administrator" password on their
  mr> windows machines. I'm certainly not giving them root. ;-)

That may work if your users are not technical, but our users are
programmers and hardware designers.  They expect to be able to have some
control over their own systems.  They sure as heck aren't going to call
a help line just so they can change their display resolution or restart
some system service that seems to be hung.

-- 
---
 Paul D. Smith <[EMAIL PROTECTED]>   HASMAT--HA Software Mthds & Tools
 "Please remain calm...I may be mad, but I am a professional." --Mad Scientist
---
   These are my opinions---Nortel Networks takes no responsibility for them.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Is there any encrypted or secure NFS?

2004-01-06 Thread Mark Roach
On Tue, 2004-01-06 at 02:24, Paul Smith wrote:
> %% Mark Roach <[EMAIL PROTECTED]> writes:
> 
>   mr> Yup. Install a key-sniffer, wait for the victim to unwittingly
>   mr> type his password.
> 
> Why would I type my password on your box?  I would never do that, that's
> not how Kerberos works.

Yes it is. It is not how something like RSA securids, or CryptoCards
work, but kerberos does not automatically mean one of those will be in
use.

> As I said, if you can root my box then you can gain my credentials and
> masquerade as me, although you can't do it without making some kind of
> potentially detectable change to my system.
> 
> But that is certainly an order of magnitude more secure than basic NFS,
> which says that if you can root _ANY_ box on the network, including
> yours, you can masquerade as me, and further there is no way to detect
> it.
> 
>   >> You can install trojans, for starters.  But at least you have to
>   >> have root access on _their_ box 
> 
>   mr> incorrect, see above.
> 
> Make sure you're familiar with Kerberos.  Kerberos, like SSH, never
> sends passwords to the remote host, so there's no way to get my
> credentials unless you can install a trojan on MY box.  Nothing you can
> do on YOUR box, even if you're root, can be used to hijack my identity.

it doesn't send the password over the network, it does require the
password to be typed. (I think you missed the original question. Having
root on _your_ box is the given that we are assuming.)

>   mr> This is all a moot point though, the fact is that there is no way
>   mr> to secure the data going in and out of a machine such that root
>   mr> can't ever get at it.
> 
> I guess we have to define what we mean by "security"; there are lots of
> forms of security.
> 
> However, I don't agree with your comment above.  It may be mostly true
> for the hosts at the origin and destination of the data, but it can
> obviously be secured for all intermediate systems.
[...]
> I do agree that you can't secure the data from root on the client,

This is what I meant, of course.

> Unfortunately, not handing out the root password is really not a viable
> situation, again IMO, with a desktop system in anything but the most
> basic environment (like kiosks and POS terminals, etc.)  There are a
> number of things that even basic desktop users need to do with their
> systems that require root access, such as changing display resolutions
> and installing new software, not to mention basic troubleshooting like
> reading the system log files, restarting basic services, etc.

Hmm, I don't even give my users the "administrator" password on their
windows machines. I'm certainly not giving them root. ;-)
-- 
Mark Roach


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Is there any encrypted or secure NFS?

2004-01-06 Thread Rohit Kumar Mehta
Mark Roach wrote:

Note: if you tell me that he is going to boot off a knoppix CD and crack
root on the box to su to userB, you must give me at least one example of
an alternative that is not susceptible to an attack by a malicious local
root
 

Andrew Filesystem (this very hard to set up and demands a kerberos 
infrastructure)
and NFSv4(unfortunately not prime time)

Linux Enhanced SMBFS http://uranus.it.swin.edu.au/~jn/linux/smbfs/
This is really great, and easy to user with Debian's automounter.
This is not 100% security.  If I get root on the box, I can swipe your 
password by sniffing
your keystrokes even.  But it is pretty good.  If user B never logs into 
a client machine, user A
will not have access to user B's files from the SMBFS server.

I read another solution on bugtraq where they implemented NFS via ssh 
tunnels, and it seems like
a pretty good solution but I have not implemented it 
http://ww.math.ualberta.ca/imaging/snfs/



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Is there any encrypted or secure NFS?

2004-01-06 Thread Rohit Kumar Mehta
Mark Roach wrote:

On Mon, 2004-01-05 at 21:25, Brett Carrington wrote:
 

On Mon, Jan 05, 2004 at 09:14:27PM -0500, Mark Roach wrote:
   

This might be encrypted, but hardly secure, for instance if user A has 
physical access to NFS client
and user B has physical access to nfs client, what prevents user A from 
accessing user B's files through VPN?
   

File permissions.

 

Even so, you'd have this problem with or without an IPSec VPN. The VPN's
job, in this case, is lower-layer encryption. File systems on your
host/NFS Client are out of the spectrum of what a VPN can do. A VPN is
only going to protect your data from snoopers of NFS packets.
   

Right, which is why I pointed to file permissions instead of the VPN as
the protecting factor here. I don't really know what Rohit was
suggesting as an alternative, but if he thinks there is any security
mechanism that can protect against all attacks regardless of whether the
attacker has root, he is mistaken. 

At some point there has to exist a status of "trusted." Unless you
want to lock your computer in a vault, set bios and lilo passwords, buy
a van-eck cage, and carry your keyboard with you at all times, you are
probably better off protecting yourself from the class of attackers who
pose an actual (plausible) threat.
I'm sorry, maybe I did not make myself clear.  If my client has access 
to an NFS file server
the NFS fileserver depends on my client to establish the UID.  That 
makes file permissions
fairly worthless in my opinion.  SMBFS requires authentication to access 
the network resource and
Linux enhanced smbfs supports all the great UNIX stuff like symlinks and 
permission bits (although I
do not know about ACLS)

AFS at least demands kerberos authentication for access to the network 
resources.  It just seems prohibitively
difficult to implement.  I was not talking about sniffing packets over 
the network, just the common situation
where you want one user to have access to a file from a workstation, but 
another user at the same workstation
to not have access to that file.

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Is there any encrypted or secure NFS?

2004-01-06 Thread Paul Smith
%% Mark Roach <[EMAIL PROTECTED]> writes:

  mr> Yup. Install a key-sniffer, wait for the victim to unwittingly
  mr> type his password.

Why would I type my password on your box?  I would never do that, that's
not how Kerberos works.

As I said, if you can root my box then you can gain my credentials and
masquerade as me, although you can't do it without making some kind of
potentially detectable change to my system.

But that is certainly an order of magnitude more secure than basic NFS,
which says that if you can root _ANY_ box on the network, including
yours, you can masquerade as me, and further there is no way to detect
it.

  >> You can install trojans, for starters.  But at least you have to
  >> have root access on _their_ box 

  mr> incorrect, see above.

Make sure you're familiar with Kerberos.  Kerberos, like SSH, never
sends passwords to the remote host, so there's no way to get my
credentials unless you can install a trojan on MY box.  Nothing you can
do on YOUR box, even if you're root, can be used to hijack my identity.

  mr> This is all a moot point though, the fact is that there is no way
  mr> to secure the data going in and out of a machine such that root
  mr> can't ever get at it.

I guess we have to define what we mean by "security"; there are lots of
forms of security.

However, I don't agree with your comment above.  It may be mostly true
for the hosts at the origin and destination of the data, but it can
obviously be secured for all intermediate systems.

Also, I can envision situations where the server can't read the data,
even as root: if the filesystem contains encrypted data that is shared
in its encrypted form by NFS, and only decrypted at the client for
example then root on the server cannot read it.

I do agree that you can't secure the data from root on the client, but
again that means you have to root _MY_ box, and that is a much stronger
statement, security-wise, because I have control over my box while I
(likely) don't have any control over the server or certainly all the
other boxes on the network.


Anyway, that's not really what I was talking about: I am mostly
concerned with securing data so that unauthorized users can't access it
in the first place, or at least can't access it with an unauthorized
privilege class.

  mr> There are lot's of attempts at making it difficult (it's called
  mr> DRM) but it is not something that is possible to completely
  mr> attain. The sensible person will use the tool that makes the job
  mr> difficult enough to dissuade the likely attackers based on the
  mr> level of risk involved (this is assuming that security/complexity
  mr> are tradeoffs, if there exists a more secure, less complex option,
  mr> it's a no-brainer).

  mr> I am not saying that nfs is super-secure here, so I hope nobody
  mr> gets me wrong. (though I do think that in many cases it is "good
  mr> enough") My only point in all of this is that if you think other
  mr> protocols have magic, not-even-root-can-catch-me-now-bwahahaha
  mr> voodoo, you are mistaken.

NFS is only "good enough", IMO, if you don't allow people to have root
privileges on their own system.  I tend to agree with you that, although
not giving out the root password is not a very high bar if people have
physical access to the system, it's still probably "good enough" for the
typical corporate intranet where you don't expect to get any black
hats.  Obviously if you're working for the NSA or the CIA, you have a
different outlook :).

But I think if you give people the root password on their own desktop,
the bar is not high enough even for a normal corporate intranet.  In
fact it's so low you're not even able to guard against what could be
considered simple mistakes, and that's too low for comfort for me.


Unfortunately, not handing out the root password is really not a viable
situation, again IMO, with a desktop system in anything but the most
basic environment (like kiosks and POS terminals, etc.)  There are a
number of things that even basic desktop users need to do with their
systems that require root access, such as changing display resolutions
and installing new software, not to mention basic troubleshooting like
reading the system log files, restarting basic services, etc.

-- 
---
 Paul D. Smith <[EMAIL PROTECTED]>   HASMAT--HA Software Mthds & Tools
 "Please remain calm...I may be mad, but I am a professional." --Mad Scientist
---
   These are my opinions---Nortel Networks takes no responsibility for them.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Is there any encrypted or secure NFS?

2004-01-05 Thread Mark Roach
On Mon, 2004-01-05 at 23:30, Paul Smith wrote:
> %% Mark Roach <[EMAIL PROTECTED]> writes:
> 
>   mr> Note: if you tell me that he is going to boot off a knoppix CD and
>   mr> crack root on the box to su to userB, you must give me at least
>   mr> one example of an alternative that is not susceptible to an attack
>   mr> by a malicious local root
> 
> Any method that forces the client to authenticate himself by more than
> simple UID.  It must be doable since Windows SMB does it: having
> Administrator privileges on your Windows box doesn't give you the
> ability to read anyone else's files on a remote SMB share.

Two words, keystroke logger. Or, have a telnetd program set to autostart
on that windows box on logon, log in to the telnet session, instant
access.

> For example, there are versions of NFS that use Kerberos for
> authentication.  In this scenario simply being root (which given
> physical access to the box is obviously trivial) won't get you access to
> someone else's files.  I don't personally know of any site that uses
> this, but it's in the NFS standards.

> You may argue that if you have root access on your target's box you can
> snoop enough information to fake out Kerberos, and you're probably
> right.

Yup. Install a key-sniffer, wait for the victim to unwittingly type his
password.

>   You can install trojans, for starters.  But at least you have to
> have root access on _their_ box 

incorrect, see above.

This is all a moot point though, the fact is that there is no way to
secure the data going in and out of a machine such that root can't ever
get at it. There are lot's of attempts at making it difficult (it's
called DRM) but it is not something that is possible to completely
attain. The sensible person will use the tool that makes the job
difficult enough to dissuade the likely attackers based on the level of
risk involved (this is assuming that security/complexity are tradeoffs,
if there exists a more secure, less complex option, it's a no-brainer).

I am not saying that nfs is super-secure here, so I hope nobody gets me
wrong. (though I do think that in many cases it is "good enough") My
only point in all of this is that if you think other protocols have
magic, not-even-root-can-catch-me-now-bwahahaha voodoo, you are
mistaken.

-- 
Mark Roach


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Is there any encrypted or secure NFS?

2004-01-05 Thread Paul Smith
%% Mark Roach <[EMAIL PROTECTED]> writes:

  mr> Note: if you tell me that he is going to boot off a knoppix CD and
  mr> crack root on the box to su to userB, you must give me at least
  mr> one example of an alternative that is not susceptible to an attack
  mr> by a malicious local root

Any method that forces the client to authenticate himself by more than
simple UID.  It must be doable since Windows SMB does it: having
Administrator privileges on your Windows box doesn't give you the
ability to read anyone else's files on a remote SMB share.

For example, there are versions of NFS that use Kerberos for
authentication.  In this scenario simply being root (which given
physical access to the box is obviously trivial) won't get you access to
someone else's files.  I don't personally know of any site that uses
this, but it's in the NFS standards.


You may argue that if you have root access on your target's box you can
snoop enough information to fake out Kerberos, and you're probably
right.  You can install trojans, for starters.  But at least you have to
have root access on _their_ box and you have to do some work that is
potentially detectable; with normal NFS all you need is root access on
your _OWN_ box, plus a trivial "su", which is far, far simpler to
accomplish, and virtually untraceable.

-- 
---
 Paul D. Smith <[EMAIL PROTECTED]>   HASMAT--HA Software Mthds & Tools
 "Please remain calm...I may be mad, but I am a professional." --Mad Scientist
---
   These are my opinions---Nortel Networks takes no responsibility for them.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Is there any encrypted or secure NFS?

2004-01-05 Thread Mark Roach
On Mon, 2004-01-05 at 21:48, Alvin Oga wrote:
> On Mon, 5 Jan 2004, Brett Carrington wrote:
> 
> > On Mon, Jan 05, 2004 at 09:14:27PM -0500, Mark Roach wrote:
> > > > This might be encrypted, but hardly secure, for instance if user A has 
> > > > physical access to NFS client
> > > > and user B has physical access to nfs client, what prevents user A from 
> > > > accessing user B's files through VPN?
> > > 
> > > File permissions.
> 
> wont help ...  the user has acces to their files on the other end

OK, I'm obviously missing something here. Here's what I'm hearing

NFS Server --- NFS Client (Home of User A and User B)

The server is exporting /home which includes /home/userA and
/home/userB. File permissions are set to 700 (or 770 with appropriate
groups) on both home directories.

The client has mounted the server's /home as /mnt/remote_homes

User A wants to access user B's files that are under
/mnt/remote_homes/userB. How are you suggesting that this is going to be
possible? 

Note: if you tell me that he is going to boot off a knoppix CD and crack
root on the box to su to userB, you must give me at least one example of
an alternative that is not susceptible to an attack by a malicious local
root

> > Even so, you'd have this problem with or without an IPSec VPN. The VPN's
> > job, in this case, is lower-layer encryption. File systems on your
> > host/NFS Client are out of the spectrum of what a VPN can do. A VPN is
> > only going to protect your data from snoopers of NFS packets.
> 
> "maybe"

[snip random security stuffs]
> - allowing nfs just makes all the snooping easier ...
>   too many old holes - that may or may not be patched
> 
>   nfs --> "Not For Security"
> 
>   setting up and properly running a "secure nfs" is a whole other
>   ballgame

NFS definitely is not the right tool for every situation. There are some
situations though, where it _is_ a good tool, and additional
circumstances where the addition of IPSEC makes it a reasonable option
when it otherwise wouldn't have been.
-- 
Mark Roach


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Is there any encrypted or secure NFS?

2004-01-05 Thread Mark Roach
On Mon, 2004-01-05 at 21:25, Brett Carrington wrote:
> On Mon, Jan 05, 2004 at 09:14:27PM -0500, Mark Roach wrote:
> > > This might be encrypted, but hardly secure, for instance if user A has 
> > > physical access to NFS client
> > > and user B has physical access to nfs client, what prevents user A from 
> > > accessing user B's files through VPN?
> > 
> > File permissions.
> >
> 
> Even so, you'd have this problem with or without an IPSec VPN. The VPN's
> job, in this case, is lower-layer encryption. File systems on your
> host/NFS Client are out of the spectrum of what a VPN can do. A VPN is
> only going to protect your data from snoopers of NFS packets.

Right, which is why I pointed to file permissions instead of the VPN as
the protecting factor here. I don't really know what Rohit was
suggesting as an alternative, but if he thinks there is any security
mechanism that can protect against all attacks regardless of whether the
attacker has root, he is mistaken. 

At some point there has to exist a status of "trusted." Unless you
want to lock your computer in a vault, set bios and lilo passwords, buy
a van-eck cage, and carry your keyboard with you at all times, you are
probably better off protecting yourself from the class of attackers who
pose an actual (plausible) threat.

-- 
Mark Roach


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Is there any encrypted or secure NFS?

2004-01-05 Thread Alvin Oga

On Mon, 5 Jan 2004, Brett Carrington wrote:

> On Mon, Jan 05, 2004 at 09:14:27PM -0500, Mark Roach wrote:
> > > This might be encrypted, but hardly secure, for instance if user A has 
> > > physical access to NFS client
> > > and user B has physical access to nfs client, what prevents user A from 
> > > accessing user B's files through VPN?
> > 
> > File permissions.

wont help ...  the user has acces to their files on the other end

> Even so, you'd have this problem with or without an IPSec VPN. The VPN's
> job, in this case, is lower-layer encryption. File systems on your
> host/NFS Client are out of the spectrum of what a VPN can do. A VPN is
> only going to protect your data from snoopers of NFS packets.

"maybe"

places where the cracker can see your "credit card" ( sensitive data )
- while you're away from your desk
- while its still in netscape cache
- in transit to the webstore
- while its in memory (-- you've got bigger problems --)
- vpn/ssh snoopping of the wire  (-- you've gove bigger problems--)
- from your home network ssh'd/vpn'd into the corp lan
- trash can

- i think the major comment, was what if the dude just sits at the
  terminal while your away ..
- encrypted traffic or encrypted fs will not prevent the cracker
from seeing the "good data" they're not supposed to have seen

- always passwd protect your screen 
and always use different passwds for each pc
 
"encryption" is still uselsess if you use ez 2 remember pass phrase or
words from the dictionary or common phrases and "misstyped" passwds ..
or written down on a piece of paper that is easy to find on the
keyboard, monitor, mousepad, drawers, rolodex, bookmarkers, ...

- it's even more trivial to go snooping if you use passwdless
logins

- allowing nfs just makes all the snooping easier ...
too many old holes - that may or may not be patched

nfs --> "Not For Security"

setting up and properly running a "secure nfs" is a whole other
ballgame

c ya
alvin   


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Is there any encrypted or secure NFS?

2004-01-05 Thread Brett Carrington
On Mon, Jan 05, 2004 at 09:14:27PM -0500, Mark Roach wrote:
> > This might be encrypted, but hardly secure, for instance if user A has 
> > physical access to NFS client
> > and user B has physical access to nfs client, what prevents user A from 
> > accessing user B's files through VPN?
> 
> File permissions.
>

Even so, you'd have this problem with or without an IPSec VPN. The VPN's
job, in this case, is lower-layer encryption. File systems on your
host/NFS Client are out of the spectrum of what a VPN can do. A VPN is
only going to protect your data from snoopers of NFS packets.


signature.asc
Description: Digital signature


Re: Is there any encrypted or secure NFS?

2004-01-05 Thread Mark Roach
On Mon, 2004-01-05 at 07:49, Rohit Kumar Mehta wrote:
> Mark Roach wrote:

> >Get it properly encrypted at a lower level with ipsec, and you can go
> >about your business (whee, telnet's back).
> >  
> >
> This might be encrypted, but hardly secure, for instance if user A has 
> physical access to NFS client
> and user B has physical access to nfs client, what prevents user A from 
> accessing user B's files through VPN?

File permissions.

-- 
Mark Roach


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Is there any encrypted or secure NFS?

2004-01-05 Thread Rohit Kumar Mehta
Mark Roach wrote:

On Sat, 2004-01-03 at 08:50, J.H.M. Dassen (Ray) wrote:
 

On Sat, Jan 03, 2004 at 08:30:48 -0500, Antonio Rodriguez wrote:
   

What would be the best route to establish an encrypted or secure nfs
session?
 

There are several approaches:
- Establish a VPN connection (e.g. FreeS/WAN IPSec, or tinc) between the
 hosts and route your NFS traffic over it.
 This is probably the most straightforward and mature option.
   

I would strongly encourage this method. Does it strike anyone else as
strange that every single application protocol has to (or just _is_)
writing their own security/encryption system? 

Get it properly encrypted at a lower level with ipsec, and you can go
about your business (whee, telnet's back).
 

This might be encrypted, but hardly secure, for instance if user A has 
physical access to NFS client
and user B has physical access to nfs client, what prevents user A from 
accessing user B's files through VPN?

Also consider Linux Enhanced SMBFS:
http://uranus.it.swin.edu.au/~jn/linux/smbfs/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Is there any encrypted or secure NFS?

2004-01-04 Thread Antonio Rodriguez
On Sun, Jan 04, 2004 at 02:36:05PM -0500, Mark Roach wrote:
> On Sat, 2004-01-03 at 08:50, J.H.M. Dassen (Ray) wrote:
> > On Sat, Jan 03, 2004 at 08:30:48 -0500, Antonio Rodriguez wrote:
> > > What would be the best route to establish an encrypted or secure nfs
> > > session?
> > 
> > There are several approaches:
> > - Establish a VPN connection (e.g. FreeS/WAN IPSec, or tinc) between the
> >   hosts and route your NFS traffic over it.
> >   This is probably the most straightforward and mature option.
> 
> I would strongly encourage this method. Does it strike anyone else as
> strange that every single application protocol has to (or just _is_)
> writing their own security/encryption system? 

This is an interesting -very!- remark. Even convergent with certain others.

> 
> Get it properly encrypted at a lower level with ipsec, and you can go
> about your business (whee, telnet's back).
> -- 
> Mark Roach
> 

Thanks Mark. I will check into this seriously.
AR


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Is there any encrypted or secure NFS?

2004-01-04 Thread Mark Roach
On Sat, 2004-01-03 at 08:50, J.H.M. Dassen (Ray) wrote:
> On Sat, Jan 03, 2004 at 08:30:48 -0500, Antonio Rodriguez wrote:
> > What would be the best route to establish an encrypted or secure nfs
> > session?
> 
> There are several approaches:
> - Establish a VPN connection (e.g. FreeS/WAN IPSec, or tinc) between the
>   hosts and route your NFS traffic over it.
>   This is probably the most straightforward and mature option.

I would strongly encourage this method. Does it strike anyone else as
strange that every single application protocol has to (or just _is_)
writing their own security/encryption system? 

Get it properly encrypted at a lower level with ipsec, and you can go
about your business (whee, telnet's back).
-- 
Mark Roach


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Is there any encrypted or secure NFS? - encrypted fs

2004-01-03 Thread Alvin Oga

On Sat, 3 Jan 2004, Antonio Rodriguez wrote:

> > regardless of method  the basic underlying nfs structure is insecure
> > so you're supposed to replace the insecure portmap, rpc services with
> > something more secure
> > http://www.linux-sec.net/FileSystem/#NFS

...
 
> > - or even better, use an encrypted fs.. than its no longer an
> > issue
> 
> Any pointers to encrypted fs?

see the url posted -- bottom of that page

c ya
alvin


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Is there any encrypted or secure NFS?

2004-01-03 Thread panda
Antonio Rodriguez wrote:

On Sat, Jan 03, 2004 at 02:36:33PM -0800, Alvin Oga wrote:
 

Antonio> What would be the best route to establish an encrypted or
Antonio> secure nfs session? I would like to be able to mount a faraway
Antonio> (debian) machine with confidence of not being observed. Any
Antonio> ideas?  Thanks.
 

use secure rpc
use secure portmap
use secure nfs
use scp/ssh  --> use a good hard to guess/type passphrase
   

Isn't it possible to mount drives with ssh, so it does the scp 
tranparently?
 

regardless of method  the basic underlying nfs structure is insecure
so you're supposed to replace the insecure portmap, rpc services with
something more secure
http://www.linux-sec.net/FileSystem/#NFS
- crackers can get into your box via nfs vulnerabilities
because you have it "on" ( big problem )
or start on another path of coda, intermezzo, afs, ...
( more fun and tricks )
	- or even better, use an encrypted fs.. than its no longer an
	issue
   

Any pointers to encrypted fs?



 

at the bottom of the page referred above

http://www.linux-sec.net/FileSystem

panda

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Is there any encrypted or secure NFS?

2004-01-03 Thread Antonio Rodriguez
On Sat, Jan 03, 2004 at 02:36:33PM -0800, Alvin Oga wrote:
> 
> > > > Antonio> What would be the best route to establish an encrypted or
> > > > Antonio> secure nfs session? I would like to be able to mount a faraway
> > > > Antonio> (debian) machine with confidence of not being observed. Any
> > > > Antonio> ideas?  Thanks.
> > > 
> > > use secure rpc
> > > use secure portmap
> > > use secure nfs
> > > use scp/ssh  --> use a good hard to guess/type passphrase
> > 
> > Isn't it possible to mount drives with ssh, so it does the scp 
> > tranparently?
> 
> regardless of method  the basic underlying nfs structure is insecure
> so you're supposed to replace the insecure portmap, rpc services with
> something more secure
>   http://www.linux-sec.net/FileSystem/#NFS
> 
>   - crackers can get into your box via nfs vulnerabilities
>   because you have it "on" ( big problem )
> 
>   or start on another path of coda, intermezzo, afs, ...
>   ( more fun and tricks )
> 
>   - or even better, use an encrypted fs.. than its no longer an
>   issue

Any pointers to encrypted fs?



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Is there any encrypted or secure NFS?

2004-01-03 Thread Alvin Oga


On Sat, 3 Jan 2004, Nano Nano wrote:

> On Sat, Jan 03, 2004 at 01:04:21PM -0800, Alvin Oga wrote:
> > 
> > > > "Antonio" == Antonio Rodriguez <[EMAIL PROTECTED]> writes:
> > > 
> > > Antonio> What would be the best route to establish an encrypted or
> > > Antonio> secure nfs session? I would like to be able to mount a faraway
> > > Antonio> (debian) machine with confidence of not being observed. Any
> > > Antonio> ideas?  Thanks.
> > 
> > use secure rpc
> > use secure portmap
> > use secure nfs
> > use scp/ssh  --> use a good hard to guess/type passphrase
> 
> Isn't it possible to mount drives with ssh, so it does the scp 
> tranparently?

regardless of method  the basic underlying nfs structure is insecure
so you're supposed to replace the insecure portmap, rpc services with
something more secure
http://www.linux-sec.net/FileSystem/#NFS

- crackers can get into your box via nfs vulnerabilities
because you have it "on" ( big problem )

or start on another path of coda, intermezzo, afs, ...
( more fun and tricks )

- or even better, use an encrypted fs.. than its no longer an
issue

regardless of method, turn off nfs when not in use and dont use
nfs if at possible

- automounter can umount it for you when its not in use


dumb way ... ( brute force )

user# scp /net/remote-host/mnt/secret/secret-files.txt .
( trivial way and works easily/fast w/ autofs )

remote host should be setup to export /mnt/secret to "user" only

better way ...
better way#  ssh -l user remote-host  -- and enter your pwd
-- do  your magic
-- your reequest for nfs is hereby denied !!


/home is probably the only that should be NFS mounted via an
automounter individually for each users home dir ...

--

if you mean: ( hardway .. worst way )

localpc#  ssh  remote " mount /dev/hdc /mnt/secret ; \
scp /mnt/secret/salaries.txt . ; umount /mnt/secret "
 
too messy ... too many assumptions ... no verification/checking 
- you dont know that you mounted/umounted properly

- root should never be able too ssh into another pc
- users should never be able to mount remote filesystems

- too many security violations

---

remote machine -- should automount /mnt/secret whenever certain users
tries to access /mnt/secret/secret 

- if security is an issue, it should never be mounted
except for local users ... and NOT exported

--

- turn off nfs when not in use
  ( if you use s script mount it before you use the remote fs )
- if security is an issue... that script should be shot

-- if you use scp ... don't use pass phrase like "pass phrase 123"
   and dont use user passwd like "spot123"  where spot is your dog's name

== all that easily guessable stuff makes ssh useless

== anytime the other machine acccepts root logins w/o passwords
because it uses keys, than the cracker has access to both machines
without knowing any passwds


- problem is people cant seem to live w/o nfs... or dont want to do things
  a better way

c ya
alvin



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Is there any encrypted or secure NFS?

2004-01-03 Thread Nano Nano
On Sat, Jan 03, 2004 at 01:04:21PM -0800, Alvin Oga wrote:
> 
> > > "Antonio" == Antonio Rodriguez <[EMAIL PROTECTED]> writes:
> > 
> > Antonio> What would be the best route to establish an encrypted or
> > Antonio> secure nfs session? I would like to be able to mount a faraway
> > Antonio> (debian) machine with confidence of not being observed. Any
> > Antonio> ideas?  Thanks.
> 
> use secure rpc
> use secure portmap
> use secure nfs
> use scp/ssh  --> use a good hard to guess/type passphrase

Isn't it possible to mount drives with ssh, so it does the scp 
tranparently?


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Is there any encrypted or secure NFS?

2004-01-03 Thread Alvin Oga

hi ya antonio

On Sat, 3 Jan 2004, Hubert Chan wrote:

> > "Antonio" == Antonio Rodriguez <[EMAIL PROTECTED]> writes:
> 
> Antonio> What would be the best route to establish an encrypted or
> Antonio> secure nfs session? I would like to be able to mount a faraway
> Antonio> (debian) machine with confidence of not being observed. Any
> Antonio> ideas?  Thanks.

dont do it... but...
 
> You can try tunnelling NFS over SSH.
> 
> http://www.math.ualberta.ca/imaging/snfs/

http://www.Linux-Sec.net/FileSystem/

use secure rpc
use secure portmap
use secure nfs
use scp/ssh  --> use a good hard to guess/type passphrase

lock down who can mount and read/write/copy stuff back and forth

==
== assume the cracker has sniffed your encrypted nfs traffic
==

- if all that is within your work environment...  watch out for the
  dude in the other cubicle that is poking around at HR's salary
  review files

c ya
alvin



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Is there any encrypted or secure NFS?

2004-01-03 Thread Hubert Chan
> "Antonio" == Antonio Rodriguez <[EMAIL PROTECTED]> writes:

Antonio> What would be the best route to establish an encrypted or
Antonio> secure nfs session? I would like to be able to mount a faraway
Antonio> (debian) machine with confidence of not being observed. Any
Antonio> ideas?  Thanks.

You can try tunnelling NFS over SSH.

http://www.math.ualberta.ca/imaging/snfs/

(It's written for RedHat, but should work under Debian.)

-- 
Hubert Chan <[EMAIL PROTECTED]> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.


pgp0.pgp
Description: PGP signature


Re: Is there any encrypted or secure NFS?

2004-01-03 Thread J.H.M. Dassen (Ray)
On Sat, Jan 03, 2004 at 08:30:48 -0500, Antonio Rodriguez wrote:
> What would be the best route to establish an encrypted or secure nfs
> session?

There are several approaches:
- Establish a VPN connection (e.g. FreeS/WAN IPSec, or tinc) between the
  hosts and route your NFS traffic over it.
  This is probably the most straightforward and mature option.
- Look into NFSv3 over secure RPC.
- Look into NFSv4.
- Use a different network filesystem that has encrypted connections builtin.
  I'm not familiar with them; you may want to look at openafs, tcfs, 
  intermezzo, and coda.

> I would like to be able to mount a faraway (debian) machine with
> confidence of not being observed. Any ideas?

Encryption is used to scramble your traffic. It's still observable that
you're communicating with the remote machine, just the traffic itself is
being secured against unauthorised eyes.

HTH,
Ray
-- 
Pinky, Are You Pondering What I'm Pondering?
I think so Brain, but if they called them "sad meals", kids wouldn't
buy them. 
Pinky and the Brain in "Brain Meets Brawn"


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Is there any encrypted or secure NFS?

2004-01-03 Thread Antonio Rodriguez
What would be the best route to establish an encrypted or secure nfs
session? I would like to be able to mount a faraway (debian) machine with
confidence of not being observed. Any ideas?
Thanks.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]