[CS-FSLUG] NFS Scenarios
Fred Miller
fmiller at lightlink.com
Mon Nov 8 10:09:28 CST 2004
On Sunday November 7 2004 9:18 pm, Don Parris wrote:
[snip]
> I am aware there are security issues with NFS, but wasn't sure exactly
> what was involved. I am also aware that NIS is insecure by design. I
> would rather use LDAP in my case, as it offers a more secure solution
> than NIS. I mainly was curious about how to implement a sensible NFS
> configuration. I will read up on the articles pointed out to me in
> your responses so far, and return with any further questions. Thanks
> for the input.
Don, you can negate much of the security risk by having a switch or router on
the "outside" of your LAN that has a configurable firewall. You set it up so
that NFS is BLOCKED on the WAN side and only allowed on the LAN. You can also
have a Linux server on the inside of the router/switch that does the same
thing. I'm "double firewalled" here, but don't use NFS.
Hope this helps,
Fred
--
"Democracy is two wolves and a lamb voting on what to
have for lunch. Liberty is a well-armed lamb contesting the
vote." - Benjamin Franklin 1759
More information about the Christiansource
mailing list