[SGVLUG] NFD over Internet
Jeff Carlson
jeff at ultimateevil.org
Mon Dec 5 00:19:44 PST 2005

Alex Roston wrote:
> Does anyone know if NFS can be safely deployed over the Internet?

Do man-in-the-middle attacks make you feel cozy with the idea?

> I have a program for my kiosk system which accepts cards. There's a card
> number associated with a number of minutes. The customer types the card
> number into a small application which looks the card up in an encrypted
> file. If the card is accepted, the customer can use the kiosk until
> his/her time runs out. If the customer quits before time runs out,
> his/her extra minutes are saved in the file, and the customer can use
> the card again.

So the client copies the encrypted file over the wire, decrypts it,
reads the appropriate value, changes it if necessary, and if changed,
re-encrypts the file and writes it back to its source location?
Have you ever heard of a relational database? ;)
MySQL supports SSL or TLS. I'm sure other DBs do as well.

> I have a customer who has deployed around 50 kiosks in Canada, and they
> want to extend this system into a web-based application. It seems to me
> that the cheapest way to do this is to simply make the file of
> cardnumbers available over the Internet via NFS, but I'm unsure of the
> possible consequences. Would this be safe? Would it be secure? If not,
> is there a way to make it secure, such as by using SSH?

I wouldn't use SSH. First of all, by default, Linux NFS is UDP, so you
can't tunnel it through SSH. The only NFS implementation that I know of
as TCP by default is Solaris (although this could be true of other SysV
Unixes). It is possible to switch NFS to TCP in Linux, but if you know
anything about TCP versus UDP networking, you might agree that with this
kind of traffic, UDP is the way to go. Of course, when you're dealing
with a single small file, the overhead of TCP might be worth it.
Here's another option: CVS over SSH. This would also give your file a
running history, but not if it is encrypted.
One of the main problems with exposing NFS to the Internet is that you
must let the portmapper be visible on the Internet. Is that an issue?
There have been root exploitable bugs in the portmapper in the past.
Even if you manage to keep it down so that only the kiosk sites can even
see your portmapper, it's still a risk, because how much do you trust
those Joe-Shmoes at the kiosk?

> Lastly, if this isn't practical, what's the best (and hopefully easiest)
> way to implement an authentication system over the net?

For NFS, I would definitely consider implementing IPsec on all involved
nodes. But I seriously wouldn't want to do this system with a single
flat file. Did you even consider the opportunities for race conditions?
A relational database is a much better way to store this kind of data.
With a database, you have two ways of securing the data, either TLS or
once again, IPsec. I prefer IPsec in this case because you don't make
the database port visibly open to anyone else. And, of course, you can
use them both.
Adding Tom's suggestion of RADIUS to IPsec and a DBMS, I think you would
have a more perfect system.
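
An added example, not part of the original message: the race condition raised above, with two kiosks doing read-modify-write on a whole-file copy, next to a single atomic UPDATE in a relational database. SQLite stands in for a networked DBMS such as MySQL, and the card number, table layout and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data: card number -> minutes remaining.
SAMPLE_CARDS = {"4111-0001": 30}
CARD = "4111-0001"

def flat_file_lost_update():
    """Two kiosks each copy the whole file, edit their copy, and write it back."""
    server_file = dict(SAMPLE_CARDS)   # stands in for the shared file on the server
    kiosk_a = dict(server_file)        # kiosk A reads the file
    kiosk_b = dict(server_file)        # kiosk B reads it before A has written
    kiosk_a[CARD] -= 10                # A bills 10 minutes
    kiosk_b[CARD] -= 20                # B bills 20 minutes
    server_file = kiosk_a              # A writes its copy back
    server_file = kiosk_b              # B overwrites it: A's 10 minutes are never billed
    return server_file[CARD]

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (card TEXT PRIMARY KEY, "
               "minutes INTEGER NOT NULL CHECK (minutes >= 0))")
    db.executemany("INSERT INTO cards VALUES (?, ?)", SAMPLE_CARDS.items())
    db.commit()
    return db

def bill_minutes(db, card, used):
    """Deduct minutes in one statement; the server does the arithmetic, so
    no kiosk ever writes back a stale balance. Returns False if the card is
    unknown or does not hold enough minutes."""
    with db:  # one transaction, committed on success
        cur = db.execute(
            "UPDATE cards SET minutes = minutes - ? "
            "WHERE card = ? AND minutes >= ?", (used, card, used))
    return cur.rowcount == 1

def balance(db, card):
    row = db.execute("SELECT minutes FROM cards WHERE card = ?", (card,)).fetchone()
    return row[0] if row else None

def database_updates():
    """Same two bills as above, plus a third that exceeds the balance."""
    db = open_db()
    results = [bill_minutes(db, CARD, 10), bill_minutes(db, CARD, 20),
               bill_minutes(db, CARD, 5)]
    return results, balance(db, CARD)

if __name__ == "__main__":
    print("flat file balance after 30 minutes billed:", flat_file_lost_update())
    print("database results and balance:", database_updates())
```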