Re: Secure nfs

2002-11-15 Thread Eran Tromer
Having peeked at the TCFS source code and scanned their 95-slide
presentation
(http://www.tcfs.it/docs/linux-expo-2001/Diapositiva1.JPG.html):

TCFS encrypts at the file block level, and the protocol for sending file
blocks back and forth is plain NFS, so an eavesdropper knows which block
of which file you access in each operation. The filenames aren't
visible, but their lengths, and sizes and directory hierarchy are. In
many cases, this would leave little room for imagination.

As for the file contents: we want blocks to be encrypted differently
across time, across files and across offsets. TCFS fails miserably on
all three accounts:
1. A given block of a given file is always encrypted with the same key
and without random padding.
2. They claim that blocks in different files are encrypted differently
because each file has its own file key, but there's nothing to
prevent an attacker from modifying the file key so it becomes identical
to that of another file! There's a checksum on the file header, but it's
cryptographically useless.
3. Blocks at different offsets are encrypted differently, but by
combining the above two we can work around this. To compare the blocks
at offsets I and J of file X: find a file Y in which data is often
shifted back and forth, such as a large document that the user edits
frequently. Cause X and Y to have the same file key. Copy the block at
offset I of X to offset I of Y and wait until it happens to reach offset
J of Y. Voilà.

So, we have encryption that's completely deterministic (directly or
indirectly), and a very real prospect of chosen-plaintext attack
(because it suffices for the attacker to cause data of his choice to be
written to an arbitrary file, such as a mailbox).

This Transparent Cryptographic File System is somewhat more
transparent than intended -- it's completely insecure. Do not use it.


  Eran



Official Flamer/Cabal NON-Leader wrote:
 Hmmm... I suspect that TCFS (Transparent Cryptographic FS) is the better
 answer it behaves like NFS (errr, it _is_ NFS to a significant degree.
 The URL is http://www.tcfs.it.


=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word unsubscribe in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
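
[Added example, not part of Eran's message and not TCFS code.] The three properties asked for in the message above (blocks encrypted differently across time, files and offsets) in a small Python model: `det_encrypt` reproduces the deterministic behaviour described in point 1, while `seal`/`unseal` use a fresh nonce per write and a MAC that binds each block to its file and offset. The HMAC-SHA256 keystream stands in for a real cipher, and all function names and sample values are assumptions made for illustration.

```python
import hashlib, hmac, os

def _stream(key, label, n):
    # HMAC-SHA256 in counter mode: a stand-in for the real block cipher (assumption)
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def det_encrypt(file_key, offset, block):
    """Model of the criticised design: output depends only on key, offset and data."""
    return _xor(block, _stream(file_key, offset.to_bytes(8, "big"), len(block)))

def _keys(master, file_id):
    # Separate per-file encryption and MAC keys, derived from a client-held master key.
    return (hmac.new(master, b"enc|" + file_id, hashlib.sha256).digest(),
            hmac.new(master, b"mac|" + file_id, hashlib.sha256).digest())

def seal(master, file_id, offset, block):
    """Fresh nonce per write; the tag binds the block to its file and offset."""
    enc, mac = _keys(master, file_id)
    nonce = os.urandom(16)
    ct = _xor(block, _stream(enc, nonce, len(block)))
    tag = hmac.new(mac, offset.to_bytes(8, "big") + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(master, file_id, offset, sealed):
    """Verify the tag before decrypting; reject blocks that were altered or relocated."""
    enc, mac = _keys(master, file_id)
    nonce, ct, tag = sealed[:16], sealed[16:-32], sealed[-32:]
    good = hmac.new(mac, offset.to_bytes(8, "big") + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("block was modified or moved")
    return _xor(ct, _stream(enc, nonce, len(ct)))

def accepts(master, file_id, offset, sealed):
    """True if the sealed block verifies at this file and offset."""
    try:
        unseal(master, file_id, offset, sealed)
        return True
    except ValueError:
        return False
```

With `det_encrypt`, writing the same block twice at the same offset yields identical ciphertext; with `seal`, two writes differ, and a block copied to another file or offset fails verification.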




Re: Secure nfs

2002-11-15 Thread Noam Meltzer
On Fri, 2002-11-15 at 07:32, Official Flamer/Cabal NON-Leader wrote:
 Quoth Eran Tromer:
 
  Meir Michanie wrote:
   The problem with using nfs today is authentication (don't read
   authorization, it may be another problem)
  
  The alternative filesystems included AFS, SFS, CODA and InterMezzo.
 
 Hmmm... I suspect that TCFS (Transparent Cryptographic FS) is the better
 answer it behaves like NFS (errr, it _is_ NFS to a significant degree.
 The URL is http://www.tcfs.it.
 
 M
 
I didn't go deeply into reading about TCFS, but the first impression I got was that if you
have a multi-platform env. (Solaris, HP-sUX, etc.) you won't be able to use this FS
-- 
Noam Meltzer
[EMAIL PROTECTED]
ICQ: 4853872






ftp-proxy

2002-11-15 Thread Eran Levy
Just wanted to ask what people here think about ftp-proxy? It seems a good
idea but I didn't get into it so much.





Re: Secure nfs

2002-11-15 Thread Meir Michanie
I have noticed another thing with this post.

People talk about security, firewalling, but I am 100% sure that there
are more people in this list besides me that need the functionality of
NFS, worse is that I am sure they, as I, were letting this issue pass
under their eyes. So ...

How come nobody replied saying: yes, in order to use nfs services or
alike do, a. b. c. ...

It means that in theory we all care about security, but who really cares
about counter-measures?

In the book Computer Crime (recommended) it points out that most of the
attacks come from insiders. This means any person with physical access
to your network.

The worst is that NFS security using port mapper could be used without
leaving any track.

So, why do you feel so secure when you lock all the doors but you are
missing a wall?

-

 NFS: (no fu... security) in Hebrew would mean there is not, zero
(ein efes).









Logging in named.conf

2002-11-15 Thread Eli Marmor
How do I define a zone-specific logging in named.conf?

My question relates to name servers that define multiple zones
(domains).

Logging is defined usually as an external block, exactly as Zone.
It's impossible to define Logging inside one zone instead of
externally.

How can I limit the logging to one zone?

Thanks,
-- 
Eli Marmor
[EMAIL PROTECTED]
CTO, Founder
Netmask (El-Mar) Internet Technologies Ltd.
__
Tel.:   +972-9-766-1020  8 Yad-Harutzim St.
Fax.:   +972-9-766-1314  P.O.B. 7004
Mobile: +972-50-23-7338  Kfar-Saba 44641, Israel





KDE direction of development

2002-11-15 Thread Ilya Konstantinov
On Wednesday 13 November 2002 11:12, Dvir Volk wrote:
 AFAIK, this is the main goal of KDE 3.2 - increasing interface
 responsiveness and launch speed, rather than bloating KDE with more
 features.

Just to disparage the myth that KDE releases have some specific development 
direction -- a KDE minor version release is simply an opportunity for 
developers to include new features (which do not break backward 
compatibility; that's the main rule of minor versions). If one of the 
developer's goals is to prepare major speedups in time for the 3.2 release - 
they'll arrive. Usually, the developers don't have a joint goal like a major 
software house does (e.g. Microsoft can decide that for Windows .NET Server, 
their main goal would be improving security and they'll allocate N developers 
for that) so each developer will just scratch his own itch. That's not the 
official development method of KDE; that's just the way things are, in real 
life.

A rule set by the release managers is that you should announce the features 
you plan to add ahead of time, rather than dropping a patch on the doorstep 
one day before the freeze. Those are the things you MIGHT see in KDE 3.2:

http://developer.kde.org/development-versions/kde-3.2-features.html







Re: Secure nfs

2002-11-15 Thread Ehud Karni
On 15 Nov 2002 00:28:00 +0200, Meir Michanie [EMAIL PROTECTED] wrote:
 
 One solution is using NFS over ssh.
 
 to do this you need:
 
 1. edit /etc/exports to something like
   /home   localhost(rw,root_squash,secure)  

Agreed.

 2. generate a private key for root and put it in every client machine
 (ssh requires the file to have permission --- for group and others.
 2.1 copying the public key to .ssh/authorized-keys

NO.

2.1 create a DSA private/public key pair for each client. save
the private key in the client ~root/.ssh/id_dsa_NFS
(with mode rw--- and the directory rwx--).
2.2 Transfer the public key to the host machine and save it in
~root/.ssh/authorized_keys2 with syntax like this:

command="exec COMMAND",no-pty,permitopen="localhost:2049" ssh-dss public-key

Where COMMAND is some program or script that will show the current
status and allow the user to terminate but nothing else. (I have 
written several scripts that are used for users who use the ssh server
machine just to connect to other machines, mostly using VNC).

I wrote the nfs port explicitly because I'm not sure that 
`permitopen=localhost:nfs' will work.

 3. using ssh to redirect ports ssh -f -L 1234:nfs-server:nfs -i
 ssh/identity /bin/sleep 60

Change that to:
3. ssh -L l-port:localhost:2049 -i ~root/.ssh/id_dsa_NFS NFS-server
Your original line misses the hostname and the command is not needed
(it is dictated by the key in authorized_keys2).

 BUT!!
 this brings two other problems:
 
 1. all connections to NFS on the server will show as from localhost.
 
Minor problem.

 2. any machine able to connect with ssh is also able to mount the nfs
 drive even though you block the nfs ports. (this could open another
 discussion: How secure is to run ssh.)

It depends on your authorized_keys configuration (see above).
As a rule I change the sshd_config to NOT allow password login -
(PasswordAuthentication no). Since NFS is allowed only to root,
only the machines with root access and with correctly configured
public key can do it.

 3. get the private key from one compromised client and you have root
 control over the net, next step would be ssh root@server -i
 compromised-key

That is not true. The intruder has already root privilege for the
broken in system and all she can do is what she can do locally on
that system (she can not run anything on the NFS host directly).

 I read this article and I do not know if it works on linux.
  http://www.unet.univie.ac.at/aix/aixbman/commadmn/nfs_secure.htm
 
 SO, how do you set a roaming profile ($HOME) without compromising the
 entire network to make a walk in the park for a newbie hacker?

So it's quite secure (as secure as SSH for login).

Ehud.


-- 
 Ehud Karni   Tel: +972-3-7966-561  /\
 Mivtach - Simon  Fax: +972-3-7966-667  \ /  ASCII Ribbon Campaign
 Insurance agencies   (USA) voice mail and   X   Against   HTML   Mail
 http://www.mvs.co.il  FAX:  1-815-5509341  / \
 mailto:[EMAIL PROTECTED]  Better  Safe  Than  Sorry
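
Added example, not part of Ehud's message: a Python check that each authorized_keys entry carries the three restrictions from step 2.2 (forced command, no-pty, permitopen limited to localhost:2049). The sample entries and key material are constructed placeholders and the function names are hypothetical; OpenSSH's newer `restrict` keyword is not modelled.

```python
import re

# First field of a line, honouring double-quoted option values that contain spaces.
FIELD = re.compile(r'^((?:[^\s"]|"(?:[^"\\]|\\.)*")+)\s+(.*)$')
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?')
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")

SAMPLE = '''\
# constructed entries; key material is a placeholder
command="exec COMMAND",no-pty,permitopen="localhost:2049" ssh-dss AAAAconstructed root@client1
ssh-dss AAAAconstructed root@client2
command="exec COMMAND",no-pty,permitopen="localhost:2049",permitopen="localhost:22" ssh-dss AAAAconstructed root@client3
'''

def parse(line):
    """Return the options of one authorized_keys line as {name: [values]}, or None."""
    m = FIELD.match(line.strip())
    if m is None:
        return None
    first = m.group(1)
    if first.startswith(KEY_PREFIXES):
        return {}                      # line starts with the key type: no options at all
    opts = {}
    for name, value in OPTION.findall(first):
        opts.setdefault(name.lower(), []).append(value)
    return opts

def audit(line, allowed="localhost:2049"):
    """List the restrictions from the message that this entry is missing."""
    opts = parse(line)
    if opts is None:
        return ["unparseable line"]
    findings = []
    if "command" not in opts:
        findings.append("no forced command: the client chooses what runs")
    if "no-pty" not in opts:
        findings.append("no-pty missing: an interactive terminal is allowed")
    targets = opts.get("permitopen", [])
    if not targets:
        findings.append("permitopen missing: -L may reach any host:port")
    elif any(t != allowed for t in targets):
        findings.append("permitopen allows more than " + allowed)
    return findings

def audit_file(text):
    """Map line number -> findings for every key entry (comments and blanks skipped)."""
    return {no: audit(line) for no, line in enumerate(text.splitlines(), 1)
            if line.strip() and not line.lstrip().startswith("#")}
```

`audit_file(SAMPLE)` reports nothing for the first entry, three findings for the bare key, and one for the entry whose second permitopen also allows port 22.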





Re: Secure nfs

2002-11-15 Thread Shaul Karl
On Fri, Nov 15, 2002 at 06:58:54AM +0200, Eran Tromer wrote:
 I see that Coda is now in the stock Linux kernel, so maybe things have
 indeed improved.
 
   Eran
 


Wasn't there a CODA option in the Kernel configuration for a long time? 
  I do know that a new or improved CODA package was uploaded to Debian's
experimental section lately. It might be maturing. In addition, the LDP
NFS HOWTO says that many features of CODA and other network file systems
will/are incorporated to NFS v4, which is currently more a draft than anything
else. Yet I don't know what features exactly.


 
 Eran Tromer wrote:
  The alternative filesystems included AFS, SFS, CODA and InterMezzo.
  Theoretically all are up to the task, but the last three were immature
  (at least at that time) and AFS lacks Unix filesystem semantics and is
  horribly complex. More details in the list archives.
 
 
 

-- 

Shaul Karl, [EMAIL PROTECTED]
