Re: hunting for secure fileserver-connection!
"[EMAIL PROTECTED]@mgEDV.net" <[EMAIL PROTECTED]> wrote: > > > If you don't trust CIFS/Samba enough to be secure against local sniffers, > and > > you won't run IPsec, you're left with odd things like Sun's SecureNFS > software, > > only I doubt that's available for a FreeBSD fileserver. > that's what i was afraid of. ipsec would be great, if it was possible to > have it > setup itself against the server each time you login (maybe windows logon) > but theres > always a client software needed, and in most cases, you're not able to > access other > networks smoothly if connected. I've never actually used it, but IPsec in transport mode should be capable of what you want, and should not have the negative side effects you describe. At least that's the way it's designed. It might be implemented poorly on Windows, I don't know. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: hunting for secure fileserver-connection!
> If you don't trust CIFS/Samba enough to be secure against local sniffers, and > you won't run IPsec, you're left with odd things like Sun's SecureNFS software, > only I doubt that's available for a FreeBSD fileserver. that's what i was afraid of. ipsec would be great, if it was possible to have it setup itself against the server each time you login (maybe windows logon) but theres always a client software needed, and in most cases, you're not able to access other networks smoothly if connected. > If you've got 1.5TB of storage, perhaps you should talk to Auspex or NetApp and > see what the NAS folk have to offer... maybe you're right on that, but currently, we have to test the FreeBSD thing, and set it up (because the hw is already here...) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: hunting for secure fileserver-connection!
[EMAIL PROTECTED]@mgEDV.net wrote: > the scenario: > - freebsd-fileserver with encrypted HDD's (GELI) (1.5TB) > - windows (sorry for that, it's a requirement) as client > > the quest: > - securely mount shared filesystems from the server from > the windows client w/o being open to sniffers/network > hacks (non-weak encryption required) > - files should be accessible like with windows-fileserver > shares through UNC and/or drive-name(s) > - server and clients should share the same network. (no > tunnelling etc...) > - authentication should be done against local defined users > > what we don't want: > - VPN/IPSEC/... between the hosts > - webdav > > we've been looking on solutions like secure nfs over tcp, > samba, etc... but except making it slower, there have been > no real good solutions until yet. > > anybody out there, who has a good advice on that? If you don't trust CIFS/Samba enough to be secure against local sniffers, and you won't run IPsec, you're left with odd things like Sun's SecureNFS software, only I doubt that's available for a FreeBSD fileserver. If you've got 1.5TB of storage, perhaps you should talk to Auspex or NetApp and see what the NAS folk have to offer... -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"