[K12OSN] NFS Client for Windows
Les Mikesell
les at futuresource.com
Wed May 26 16:50:55 UTC 2004
On Wed, 2004-05-26 at 11:12, Jim Kronebusch wrote:
> Just curious as to why it is such a bad idea.
To start with, NFS is fairly insecure. Even in the best case
if you are root on the client you can pretend to be anybody
on the server as far as access to the shared files goes. It
uses IP addresses for host authentication and these can be
faked fairly easily. It also normally runs over UDP which
is fast on a mostly error-free local network but not a good
idea over the internet since it doesn't have a built-in error
correction mechanism (NFS has it's own, but not as good as TCP's).
Then you have to install the client software on every machine
since it isn't built-in. If you have to install a client, you
might as well use winscp over ssh and be secure, or a VPN if
you really need transparent file access instead of just the
ability to copy back and forth.
If you are willing to trade a bit of security for convenient
mapped file access, you could go with samba on the server
restricting access to the known clients IP addresses in
samba, iptables firewalling, or both. That way you don't
need anything special on the client, you at least require
a login and password, and needing a TCP connection makes it
quite a bit harder to spoof the IP address. I'd expect that
to be about as safe (or unsafe) as an FTP server on the internet
but if there is anything worth stealing on the server I'd still
prefer ssh or a vpn.
---
Les Mikesell
les at futuresource.com
More information about the K12OSN
mailing list