is NFS secure ?

[Jeremy Lyon]

On 8/31/06, Shekhar Dhotre <sdhotre at cedardoc.com> wrote:
>
>
>
> OK ,   Is NFS secure ?
>
> No it is not.  And neither is SSH.  Nothing is or will ever be inherently
secure.  All of the
technology that we use is imagined, designed and created by humans.
Therefore it destined
to have bugs, security holes and misconfiguration.

Are four commercial grade deadbolts on my front door secure?  Not if the
window is open, or
I leave the keys out in the clear for everyone to find and use.  The same
goes for NFS and
SSH and Telnet and you name it.  There have been security holes in each one
of these tools,
and each one can be configured in a very insecure way if you don't really
know what you are doing.

Instead of focusing on is this tool secure or is that tool secure, the best
approach, IMHO, is to
focus on the System and whether it is Survivable.  A System is all of the
components that make
up a said environment, including but not limited to physical access, network
components (switches,
routers, firewalls), logical networks, servers, software (firmware, OS,
middleware, etc..), workstations,
users, process, etc...

All of these components should be carefully examined and designed with the
idea of a Survivable
system in mind.  I would suggest anyone interested in security and
survivable systems to check out the
research and analysis done by CERT at
http://www.cert.org/archive/html/analysis-method.html.  Also a
search of "Survivable Systems" will give you plenty of information on the
concepts and engineering behind
those concepts.

-Jeremy, RHCE