Re: Is there any encrypted or secure NFS?
%% Mark Roach <[EMAIL PROTECTED]> writes: mr> Yup. Install a key-sniffer, wait for the victim to unwittingly mr> type his password. >> Why would I type my password on your box? I would never do that, >> that's not how Kerberos works. mr> Yes it is. It is not how something like RSA securids, or mr> CryptoCards work, but kerberos does not automatically mean one of mr> those will be in use. Kerberos is a network authentication protocol designed around secret key cryptography. No one would go to the trouble of implementing Kerberos, just to continue to type passwords on all the remote boxes! mr> it doesn't send the password over the network, it does require the mr> password to be typed. Yes, on the local system. mr> (I think you missed the original question. Having root on _your_ mr> box is the given that we are assuming.) I guess I must have: this requirement is obviously silly. Unless you go into something like the Hurd, or maybe NSA Linux could do this. mr> Hmm, I don't even give my users the "administrator" password on their mr> windows machines. I'm certainly not giving them root. ;-) That may work if your users are not technical, but our users are programmers and hardware designers. They expect to be able to have some control over their own systems. They sure as heck aren't going to call a help line just so they can change their display resolution or restart some system service that seems to be hung. -- --- Paul D. Smith <[EMAIL PROTECTED]> HASMAT--HA Software Mthds & Tools "Please remain calm...I may be mad, but I am a professional." --Mad Scientist --- These are my opinions---Nortel Networks takes no responsibility for them. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Is there any encrypted or secure NFS?
On Tue, 2004-01-06 at 02:24, Paul Smith wrote: > %% Mark Roach <[EMAIL PROTECTED]> writes: > > mr> Yup. Install a key-sniffer, wait for the victim to unwittingly > mr> type his password. > > Why would I type my password on your box? I would never do that, that's > not how Kerberos works. Yes it is. It is not how something like RSA securids, or CryptoCards work, but kerberos does not automatically mean one of those will be in use. > As I said, if you can root my box then you can gain my credentials and > masquerade as me, although you can't do it without making some kind of > potentially detectable change to my system. > > But that is certainly an order of magnitude more secure than basic NFS, > which says that if you can root _ANY_ box on the network, including > yours, you can masquerade as me, and further there is no way to detect > it. > > >> You can install trojans, for starters. But at least you have to > >> have root access on _their_ box > > mr> incorrect, see above. > > Make sure you're familiar with Kerberos. Kerberos, like SSH, never > sends passwords to the remote host, so there's no way to get my > credentials unless you can install a trojan on MY box. Nothing you can > do on YOUR box, even if you're root, can be used to hijack my identity. it doesn't send the password over the network, it does require the password to be typed. (I think you missed the original question. Having root on _your_ box is the given that we are assuming.) > mr> This is all a moot point though, the fact is that there is no way > mr> to secure the data going in and out of a machine such that root > mr> can't ever get at it. > > I guess we have to define what we mean by "security"; there are lots of > forms of security. > > However, I don't agree with your comment above. It may be mostly true > for the hosts at the origin and destination of the data, but it can > obviously be secured for all intermediate systems. [...] > I do agree that you can't secure the data from root on the client, This is what I meant, of course. > Unfortunately, not handing out the root password is really not a viable > situation, again IMO, with a desktop system in anything but the most > basic environment (like kiosks and POS terminals, etc.) There are a > number of things that even basic desktop users need to do with their > systems that require root access, such as changing display resolutions > and installing new software, not to mention basic troubleshooting like > reading the system log files, restarting basic services, etc. Hmm, I don't even give my users the "administrator" password on their windows machines. I'm certainly not giving them root. ;-) -- Mark Roach -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Is there any encrypted or secure NFS?
Mark Roach wrote: Note: if you tell me that he is going to boot off a knoppix CD and crack root on the box to su to userB, you must give me at least one example of an alternative that is not susceptible to an attack by a malicious local root Andrew Filesystem (this very hard to set up and demands a kerberos infrastructure) and NFSv4(unfortunately not prime time) Linux Enhanced SMBFS http://uranus.it.swin.edu.au/~jn/linux/smbfs/ This is really great, and easy to user with Debian's automounter. This is not 100% security. If I get root on the box, I can swipe your password by sniffing your keystrokes even. But it is pretty good. If user B never logs into a client machine, user A will not have access to user B's files from the SMBFS server. I read another solution on bugtraq where they implemented NFS via ssh tunnels, and it seems like a pretty good solution but I have not implemented it http://ww.math.ualberta.ca/imaging/snfs/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Is there any encrypted or secure NFS?
Mark Roach wrote: On Mon, 2004-01-05 at 21:25, Brett Carrington wrote: On Mon, Jan 05, 2004 at 09:14:27PM -0500, Mark Roach wrote: This might be encrypted, but hardly secure, for instance if user A has physical access to NFS client and user B has physical access to nfs client, what prevents user A from accessing user B's files through VPN? File permissions. Even so, you'd have this problem with or without an IPSec VPN. The VPN's job, in this case, is lower-layer encryption. File systems on your host/NFS Client are out of the spectrum of what a VPN can do. A VPN is only going to protect your data from snoopers of NFS packets. Right, which is why I pointed to file permissions instead of the VPN as the protecting factor here. I don't really know what Rohit was suggesting as an alternative, but if he thinks there is any security mechanism that can protect against all attacks regardless of whether the attacker has root, he is mistaken. At some point there has to exist a status of "trusted." Unless you want to lock your computer in a vault, set bios and lilo passwords, buy a van-eck cage, and carry your keyboard with you at all times, you are probably better off protecting yourself from the class of attackers who pose an actual (plausible) threat. I'm sorry, maybe I did not make myself clear. If my client has access to an NFS file server the NFS fileserver depends on my client to establish the UID. That makes file permissions fairly worthless in my opinion. SMBFS requires authentication to access the network resource and Linux enhanced smbfs supports all the great UNIX stuff like symlinks and permission bits (although I do not know about ACLS) AFS at least demands kerberos authentication for access to the network resources. It just seems prohibitively difficult to implement. I was not talking about sniffing packets over the network, just the common situation where you want one user to have access to a file from a workstation, but another user at the same workstation to not have access to that file. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Is there any encrypted or secure NFS?
%% Mark Roach <[EMAIL PROTECTED]> writes: mr> Yup. Install a key-sniffer, wait for the victim to unwittingly mr> type his password. Why would I type my password on your box? I would never do that, that's not how Kerberos works. As I said, if you can root my box then you can gain my credentials and masquerade as me, although you can't do it without making some kind of potentially detectable change to my system. But that is certainly an order of magnitude more secure than basic NFS, which says that if you can root _ANY_ box on the network, including yours, you can masquerade as me, and further there is no way to detect it. >> You can install trojans, for starters. But at least you have to >> have root access on _their_ box mr> incorrect, see above. Make sure you're familiar with Kerberos. Kerberos, like SSH, never sends passwords to the remote host, so there's no way to get my credentials unless you can install a trojan on MY box. Nothing you can do on YOUR box, even if you're root, can be used to hijack my identity. mr> This is all a moot point though, the fact is that there is no way mr> to secure the data going in and out of a machine such that root mr> can't ever get at it. I guess we have to define what we mean by "security"; there are lots of forms of security. However, I don't agree with your comment above. It may be mostly true for the hosts at the origin and destination of the data, but it can obviously be secured for all intermediate systems. Also, I can envision situations where the server can't read the data, even as root: if the filesystem contains encrypted data that is shared in its encrypted form by NFS, and only decrypted at the client for example then root on the server cannot read it. I do agree that you can't secure the data from root on the client, but again that means you have to root _MY_ box, and that is a much stronger statement, security-wise, because I have control over my box while I (likely) don't have any control over the server or certainly all the other boxes on the network. Anyway, that's not really what I was talking about: I am mostly concerned with securing data so that unauthorized users can't access it in the first place, or at least can't access it with an unauthorized privilege class. mr> There are lot's of attempts at making it difficult (it's called mr> DRM) but it is not something that is possible to completely mr> attain. The sensible person will use the tool that makes the job mr> difficult enough to dissuade the likely attackers based on the mr> level of risk involved (this is assuming that security/complexity mr> are tradeoffs, if there exists a more secure, less complex option, mr> it's a no-brainer). mr> I am not saying that nfs is super-secure here, so I hope nobody mr> gets me wrong. (though I do think that in many cases it is "good mr> enough") My only point in all of this is that if you think other mr> protocols have magic, not-even-root-can-catch-me-now-bwahahaha mr> voodoo, you are mistaken. NFS is only "good enough", IMO, if you don't allow people to have root privileges on their own system. I tend to agree with you that, although not giving out the root password is not a very high bar if people have physical access to the system, it's still probably "good enough" for the typical corporate intranet where you don't expect to get any black hats. Obviously if you're working for the NSA or the CIA, you have a different outlook :). But I think if you give people the root password on their own desktop, the bar is not high enough even for a normal corporate intranet. In fact it's so low you're not even able to guard against what could be considered simple mistakes, and that's too low for comfort for me. Unfortunately, not handing out the root password is really not a viable situation, again IMO, with a desktop system in anything but the most basic environment (like kiosks and POS terminals, etc.) There are a number of things that even basic desktop users need to do with their systems that require root access, such as changing display resolutions and installing new software, not to mention basic troubleshooting like reading the system log files, restarting basic services, etc. -- --- Paul D. Smith <[EMAIL PROTECTED]> HASMAT--HA Software Mthds & Tools "Please remain calm...I may be mad, but I am a professional." --Mad Scientist --- These are my opinions---Nortel Networks takes no responsibility for them. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Is there any encrypted or secure NFS?
On Mon, 2004-01-05 at 23:30, Paul Smith wrote: > %% Mark Roach <[EMAIL PROTECTED]> writes: > > mr> Note: if you tell me that he is going to boot off a knoppix CD and > mr> crack root on the box to su to userB, you must give me at least > mr> one example of an alternative that is not susceptible to an attack > mr> by a malicious local root > > Any method that forces the client to authenticate himself by more than > simple UID. It must be doable since Windows SMB does it: having > Administrator privileges on your Windows box doesn't give you the > ability to read anyone else's files on a remote SMB share. Two words, keystroke logger. Or, have a telnetd program set to autostart on that windows box on logon, log in to the telnet session, instant access. > For example, there are versions of NFS that use Kerberos for > authentication. In this scenario simply being root (which given > physical access to the box is obviously trivial) won't get you access to > someone else's files. I don't personally know of any site that uses > this, but it's in the NFS standards. > You may argue that if you have root access on your target's box you can > snoop enough information to fake out Kerberos, and you're probably > right. Yup. Install a key-sniffer, wait for the victim to unwittingly type his password. > You can install trojans, for starters. But at least you have to > have root access on _their_ box incorrect, see above. This is all a moot point though, the fact is that there is no way to secure the data going in and out of a machine such that root can't ever get at it. There are lot's of attempts at making it difficult (it's called DRM) but it is not something that is possible to completely attain. The sensible person will use the tool that makes the job difficult enough to dissuade the likely attackers based on the level of risk involved (this is assuming that security/complexity are tradeoffs, if there exists a more secure, less complex option, it's a no-brainer). I am not saying that nfs is super-secure here, so I hope nobody gets me wrong. (though I do think that in many cases it is "good enough") My only point in all of this is that if you think other protocols have magic, not-even-root-can-catch-me-now-bwahahaha voodoo, you are mistaken. -- Mark Roach -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Is there any encrypted or secure NFS?
%% Mark Roach <[EMAIL PROTECTED]> writes: mr> Note: if you tell me that he is going to boot off a knoppix CD and mr> crack root on the box to su to userB, you must give me at least mr> one example of an alternative that is not susceptible to an attack mr> by a malicious local root Any method that forces the client to authenticate himself by more than simple UID. It must be doable since Windows SMB does it: having Administrator privileges on your Windows box doesn't give you the ability to read anyone else's files on a remote SMB share. For example, there are versions of NFS that use Kerberos for authentication. In this scenario simply being root (which given physical access to the box is obviously trivial) won't get you access to someone else's files. I don't personally know of any site that uses this, but it's in the NFS standards. You may argue that if you have root access on your target's box you can snoop enough information to fake out Kerberos, and you're probably right. You can install trojans, for starters. But at least you have to have root access on _their_ box and you have to do some work that is potentially detectable; with normal NFS all you need is root access on your _OWN_ box, plus a trivial "su", which is far, far simpler to accomplish, and virtually untraceable. -- --- Paul D. Smith <[EMAIL PROTECTED]> HASMAT--HA Software Mthds & Tools "Please remain calm...I may be mad, but I am a professional." --Mad Scientist --- These are my opinions---Nortel Networks takes no responsibility for them. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Is there any encrypted or secure NFS?
On Mon, 2004-01-05 at 21:48, Alvin Oga wrote: > On Mon, 5 Jan 2004, Brett Carrington wrote: > > > On Mon, Jan 05, 2004 at 09:14:27PM -0500, Mark Roach wrote: > > > > This might be encrypted, but hardly secure, for instance if user A has > > > > physical access to NFS client > > > > and user B has physical access to nfs client, what prevents user A from > > > > accessing user B's files through VPN? > > > > > > File permissions. > > wont help ... the user has acces to their files on the other end OK, I'm obviously missing something here. Here's what I'm hearing NFS Server --- NFS Client (Home of User A and User B) The server is exporting /home which includes /home/userA and /home/userB. File permissions are set to 700 (or 770 with appropriate groups) on both home directories. The client has mounted the server's /home as /mnt/remote_homes User A wants to access user B's files that are under /mnt/remote_homes/userB. How are you suggesting that this is going to be possible? Note: if you tell me that he is going to boot off a knoppix CD and crack root on the box to su to userB, you must give me at least one example of an alternative that is not susceptible to an attack by a malicious local root > > Even so, you'd have this problem with or without an IPSec VPN. The VPN's > > job, in this case, is lower-layer encryption. File systems on your > > host/NFS Client are out of the spectrum of what a VPN can do. A VPN is > > only going to protect your data from snoopers of NFS packets. > > "maybe" [snip random security stuffs] > - allowing nfs just makes all the snooping easier ... > too many old holes - that may or may not be patched > > nfs --> "Not For Security" > > setting up and properly running a "secure nfs" is a whole other > ballgame NFS definitely is not the right tool for every situation. There are some situations though, where it _is_ a good tool, and additional circumstances where the addition of IPSEC makes it a reasonable option when it otherwise wouldn't have been. -- Mark Roach -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Is there any encrypted or secure NFS?
On Mon, 2004-01-05 at 21:25, Brett Carrington wrote: > On Mon, Jan 05, 2004 at 09:14:27PM -0500, Mark Roach wrote: > > > This might be encrypted, but hardly secure, for instance if user A has > > > physical access to NFS client > > > and user B has physical access to nfs client, what prevents user A from > > > accessing user B's files through VPN? > > > > File permissions. > > > > Even so, you'd have this problem with or without an IPSec VPN. The VPN's > job, in this case, is lower-layer encryption. File systems on your > host/NFS Client are out of the spectrum of what a VPN can do. A VPN is > only going to protect your data from snoopers of NFS packets. Right, which is why I pointed to file permissions instead of the VPN as the protecting factor here. I don't really know what Rohit was suggesting as an alternative, but if he thinks there is any security mechanism that can protect against all attacks regardless of whether the attacker has root, he is mistaken. At some point there has to exist a status of "trusted." Unless you want to lock your computer in a vault, set bios and lilo passwords, buy a van-eck cage, and carry your keyboard with you at all times, you are probably better off protecting yourself from the class of attackers who pose an actual (plausible) threat. -- Mark Roach -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Is there any encrypted or secure NFS?
On Mon, 5 Jan 2004, Brett Carrington wrote: > On Mon, Jan 05, 2004 at 09:14:27PM -0500, Mark Roach wrote: > > > This might be encrypted, but hardly secure, for instance if user A has > > > physical access to NFS client > > > and user B has physical access to nfs client, what prevents user A from > > > accessing user B's files through VPN? > > > > File permissions. wont help ... the user has acces to their files on the other end > Even so, you'd have this problem with or without an IPSec VPN. The VPN's > job, in this case, is lower-layer encryption. File systems on your > host/NFS Client are out of the spectrum of what a VPN can do. A VPN is > only going to protect your data from snoopers of NFS packets. "maybe" places where the cracker can see your "credit card" ( sensitive data ) - while you're away from your desk - while its still in netscape cache - in transit to the webstore - while its in memory (-- you've got bigger problems --) - vpn/ssh snoopping of the wire (-- you've gove bigger problems--) - from your home network ssh'd/vpn'd into the corp lan - trash can - i think the major comment, was what if the dude just sits at the terminal while your away .. - encrypted traffic or encrypted fs will not prevent the cracker from seeing the "good data" they're not supposed to have seen - always passwd protect your screen and always use different passwds for each pc "encryption" is still uselsess if you use ez 2 remember pass phrase or words from the dictionary or common phrases and "misstyped" passwds .. or written down on a piece of paper that is easy to find on the keyboard, monitor, mousepad, drawers, rolodex, bookmarkers, ... - it's even more trivial to go snooping if you use passwdless logins - allowing nfs just makes all the snooping easier ... too many old holes - that may or may not be patched nfs --> "Not For Security" setting up and properly running a "secure nfs" is a whole other ballgame c ya alvin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Is there any encrypted or secure NFS?
On Mon, Jan 05, 2004 at 09:14:27PM -0500, Mark Roach wrote: > > This might be encrypted, but hardly secure, for instance if user A has > > physical access to NFS client > > and user B has physical access to nfs client, what prevents user A from > > accessing user B's files through VPN? > > File permissions. > Even so, you'd have this problem with or without an IPSec VPN. The VPN's job, in this case, is lower-layer encryption. File systems on your host/NFS Client are out of the spectrum of what a VPN can do. A VPN is only going to protect your data from snoopers of NFS packets. signature.asc Description: Digital signature
Re: Is there any encrypted or secure NFS?
On Mon, 2004-01-05 at 07:49, Rohit Kumar Mehta wrote: > Mark Roach wrote: > >Get it properly encrypted at a lower level with ipsec, and you can go > >about your business (whee, telnet's back). > > > > > This might be encrypted, but hardly secure, for instance if user A has > physical access to NFS client > and user B has physical access to nfs client, what prevents user A from > accessing user B's files through VPN? File permissions. -- Mark Roach -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Is there any encrypted or secure NFS?
Mark Roach wrote: On Sat, 2004-01-03 at 08:50, J.H.M. Dassen (Ray) wrote: On Sat, Jan 03, 2004 at 08:30:48 -0500, Antonio Rodriguez wrote: What would be the best route to establish an encrypted or secure nfs session? There are several approaches: - Establish a VPN connection (e.g. FreeS/WAN IPSec, or tinc) between the hosts and route your NFS traffic over it. This is probably the most straightforward and mature option. I would strongly encourage this method. Does it strike anyone else as strange that every single application protocol has to (or just _is_) writing their own security/encryption system? Get it properly encrypted at a lower level with ipsec, and you can go about your business (whee, telnet's back). This might be encrypted, but hardly secure, for instance if user A has physical access to NFS client and user B has physical access to nfs client, what prevents user A from accessing user B's files through VPN? Also consider Linux Enhanced SMBFS: http://uranus.it.swin.edu.au/~jn/linux/smbfs/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Is there any encrypted or secure NFS?
On Sun, Jan 04, 2004 at 02:36:05PM -0500, Mark Roach wrote: > On Sat, 2004-01-03 at 08:50, J.H.M. Dassen (Ray) wrote: > > On Sat, Jan 03, 2004 at 08:30:48 -0500, Antonio Rodriguez wrote: > > > What would be the best route to establish an encrypted or secure nfs > > > session? > > > > There are several approaches: > > - Establish a VPN connection (e.g. FreeS/WAN IPSec, or tinc) between the > > hosts and route your NFS traffic over it. > > This is probably the most straightforward and mature option. > > I would strongly encourage this method. Does it strike anyone else as > strange that every single application protocol has to (or just _is_) > writing their own security/encryption system? This is an interesting -very!- remark. Even convergent with certain others. > > Get it properly encrypted at a lower level with ipsec, and you can go > about your business (whee, telnet's back). > -- > Mark Roach > Thanks Mark. I will check into this seriously. AR -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Is there any encrypted or secure NFS?
On Sat, 2004-01-03 at 08:50, J.H.M. Dassen (Ray) wrote: > On Sat, Jan 03, 2004 at 08:30:48 -0500, Antonio Rodriguez wrote: > > What would be the best route to establish an encrypted or secure nfs > > session? > > There are several approaches: > - Establish a VPN connection (e.g. FreeS/WAN IPSec, or tinc) between the > hosts and route your NFS traffic over it. > This is probably the most straightforward and mature option. I would strongly encourage this method. Does it strike anyone else as strange that every single application protocol has to (or just _is_) writing their own security/encryption system? Get it properly encrypted at a lower level with ipsec, and you can go about your business (whee, telnet's back). -- Mark Roach -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Is there any encrypted or secure NFS? - encrypted fs
On Sat, 3 Jan 2004, Antonio Rodriguez wrote: > > regardless of method the basic underlying nfs structure is insecure > > so you're supposed to replace the insecure portmap, rpc services with > > something more secure > > http://www.linux-sec.net/FileSystem/#NFS ... > > - or even better, use an encrypted fs.. than its no longer an > > issue > > Any pointers to encrypted fs? see the url posted -- bottom of that page c ya alvin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Is there any encrypted or secure NFS?
Antonio Rodriguez wrote: On Sat, Jan 03, 2004 at 02:36:33PM -0800, Alvin Oga wrote: Antonio> What would be the best route to establish an encrypted or Antonio> secure nfs session? I would like to be able to mount a faraway Antonio> (debian) machine with confidence of not being observed. Any Antonio> ideas? Thanks. use secure rpc use secure portmap use secure nfs use scp/ssh --> use a good hard to guess/type passphrase Isn't it possible to mount drives with ssh, so it does the scp tranparently? regardless of method the basic underlying nfs structure is insecure so you're supposed to replace the insecure portmap, rpc services with something more secure http://www.linux-sec.net/FileSystem/#NFS - crackers can get into your box via nfs vulnerabilities because you have it "on" ( big problem ) or start on another path of coda, intermezzo, afs, ... ( more fun and tricks ) - or even better, use an encrypted fs.. than its no longer an issue Any pointers to encrypted fs? at the bottom of the page referred above http://www.linux-sec.net/FileSystem panda -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Is there any encrypted or secure NFS?
On Sat, Jan 03, 2004 at 02:36:33PM -0800, Alvin Oga wrote: > > > > > Antonio> What would be the best route to establish an encrypted or > > > > Antonio> secure nfs session? I would like to be able to mount a faraway > > > > Antonio> (debian) machine with confidence of not being observed. Any > > > > Antonio> ideas? Thanks. > > > > > > use secure rpc > > > use secure portmap > > > use secure nfs > > > use scp/ssh --> use a good hard to guess/type passphrase > > > > Isn't it possible to mount drives with ssh, so it does the scp > > tranparently? > > regardless of method the basic underlying nfs structure is insecure > so you're supposed to replace the insecure portmap, rpc services with > something more secure > http://www.linux-sec.net/FileSystem/#NFS > > - crackers can get into your box via nfs vulnerabilities > because you have it "on" ( big problem ) > > or start on another path of coda, intermezzo, afs, ... > ( more fun and tricks ) > > - or even better, use an encrypted fs.. than its no longer an > issue Any pointers to encrypted fs? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Is there any encrypted or secure NFS?
On Sat, 3 Jan 2004, Nano Nano wrote: > On Sat, Jan 03, 2004 at 01:04:21PM -0800, Alvin Oga wrote: > > > > > > "Antonio" == Antonio Rodriguez <[EMAIL PROTECTED]> writes: > > > > > > Antonio> What would be the best route to establish an encrypted or > > > Antonio> secure nfs session? I would like to be able to mount a faraway > > > Antonio> (debian) machine with confidence of not being observed. Any > > > Antonio> ideas? Thanks. > > > > use secure rpc > > use secure portmap > > use secure nfs > > use scp/ssh --> use a good hard to guess/type passphrase > > Isn't it possible to mount drives with ssh, so it does the scp > tranparently? regardless of method the basic underlying nfs structure is insecure so you're supposed to replace the insecure portmap, rpc services with something more secure http://www.linux-sec.net/FileSystem/#NFS - crackers can get into your box via nfs vulnerabilities because you have it "on" ( big problem ) or start on another path of coda, intermezzo, afs, ... ( more fun and tricks ) - or even better, use an encrypted fs.. than its no longer an issue regardless of method, turn off nfs when not in use and dont use nfs if at possible - automounter can umount it for you when its not in use dumb way ... ( brute force ) user# scp /net/remote-host/mnt/secret/secret-files.txt . ( trivial way and works easily/fast w/ autofs ) remote host should be setup to export /mnt/secret to "user" only better way ... better way# ssh -l user remote-host -- and enter your pwd -- do your magic -- your reequest for nfs is hereby denied !! /home is probably the only that should be NFS mounted via an automounter individually for each users home dir ... -- if you mean: ( hardway .. worst way ) localpc# ssh remote " mount /dev/hdc /mnt/secret ; \ scp /mnt/secret/salaries.txt . ; umount /mnt/secret " too messy ... too many assumptions ... no verification/checking - you dont know that you mounted/umounted properly - root should never be able too ssh into another pc - users should never be able to mount remote filesystems - too many security violations --- remote machine -- should automount /mnt/secret whenever certain users tries to access /mnt/secret/secret - if security is an issue, it should never be mounted except for local users ... and NOT exported -- - turn off nfs when not in use ( if you use s script mount it before you use the remote fs ) - if security is an issue... that script should be shot -- if you use scp ... don't use pass phrase like "pass phrase 123" and dont use user passwd like "spot123" where spot is your dog's name == all that easily guessable stuff makes ssh useless == anytime the other machine acccepts root logins w/o passwords because it uses keys, than the cracker has access to both machines without knowing any passwds - problem is people cant seem to live w/o nfs... or dont want to do things a better way c ya alvin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Is there any encrypted or secure NFS?
On Sat, Jan 03, 2004 at 01:04:21PM -0800, Alvin Oga wrote: > > > > "Antonio" == Antonio Rodriguez <[EMAIL PROTECTED]> writes: > > > > Antonio> What would be the best route to establish an encrypted or > > Antonio> secure nfs session? I would like to be able to mount a faraway > > Antonio> (debian) machine with confidence of not being observed. Any > > Antonio> ideas? Thanks. > > use secure rpc > use secure portmap > use secure nfs > use scp/ssh --> use a good hard to guess/type passphrase Isn't it possible to mount drives with ssh, so it does the scp tranparently? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Is there any encrypted or secure NFS?
hi ya antonio On Sat, 3 Jan 2004, Hubert Chan wrote: > > "Antonio" == Antonio Rodriguez <[EMAIL PROTECTED]> writes: > > Antonio> What would be the best route to establish an encrypted or > Antonio> secure nfs session? I would like to be able to mount a faraway > Antonio> (debian) machine with confidence of not being observed. Any > Antonio> ideas? Thanks. dont do it... but... > You can try tunnelling NFS over SSH. > > http://www.math.ualberta.ca/imaging/snfs/ http://www.Linux-Sec.net/FileSystem/ use secure rpc use secure portmap use secure nfs use scp/ssh --> use a good hard to guess/type passphrase lock down who can mount and read/write/copy stuff back and forth == == assume the cracker has sniffed your encrypted nfs traffic == - if all that is within your work environment... watch out for the dude in the other cubicle that is poking around at HR's salary review files c ya alvin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Is there any encrypted or secure NFS?
> "Antonio" == Antonio Rodriguez <[EMAIL PROTECTED]> writes: Antonio> What would be the best route to establish an encrypted or Antonio> secure nfs session? I would like to be able to mount a faraway Antonio> (debian) machine with confidence of not being observed. Any Antonio> ideas? Thanks. You can try tunnelling NFS over SSH. http://www.math.ualberta.ca/imaging/snfs/ (It's written for RedHat, but should work under Debian.) -- Hubert Chan <[EMAIL PROTECTED]> - http://www.uhoreg.ca/ PGP/GnuPG key: 1024D/124B61FA Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA Key available at wwwkeys.pgp.net. Encrypted e-mail preferred. pgp0.pgp Description: PGP signature
Re: Is there any encrypted or secure NFS?
On Sat, Jan 03, 2004 at 08:30:48 -0500, Antonio Rodriguez wrote: > What would be the best route to establish an encrypted or secure nfs > session? There are several approaches: - Establish a VPN connection (e.g. FreeS/WAN IPSec, or tinc) between the hosts and route your NFS traffic over it. This is probably the most straightforward and mature option. - Look into NFSv3 over secure RPC. - Look into NFSv4. - Use a different network filesystem that has encrypted connections builtin. I'm not familiar with them; you may want to look at openafs, tcfs, intermezzo, and coda. > I would like to be able to mount a faraway (debian) machine with > confidence of not being observed. Any ideas? Encryption is used to scramble your traffic. It's still observable that you're communicating with the remote machine, just the traffic itself is being secured against unauthorised eyes. HTH, Ray -- Pinky, Are You Pondering What I'm Pondering? I think so Brain, but if they called them "sad meals", kids wouldn't buy them. Pinky and the Brain in "Brain Meets Brawn" -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Is there any encrypted or secure NFS?
What would be the best route to establish an encrypted or secure nfs session? I would like to be able to mount a faraway (debian) machine with confidence of not being observed. Any ideas? Thanks. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]