[SGVLUG] NFD over Internet

Robert mrflash818 at geophile.net
Mon Dec 5 09:44:36 PST 2005


Greets,

Perhaps look into sshfs?




> Alex Roston wrote:
>> Does anyone know if NFS can be safely deployed over the Internet?
>
> Do man-in-the-middle attacks make you feel cozy with the idea?
>

>
> So the client copies the encrypted file over the wire, decrypts it,
> reads the appropriate value, changes it if necessary, and if changed,
> re-encrypts the file and writes it back to its source location?
>

>
> MySQL supports SSL or TLS.  I'm sure other DBs do as well.
>

> Here's another option:  CVS over SSH.  This would also give your file a
> running history, but not if it is encrypted.
>
>
>> Lastly, if this isn't practical, what's the best (and hopefully easiest)
>> way to implement an authentication system over the net?
>
> For NFS, I would definitely consider implementing IPsec on all involved
> nodes.  But I seriously wouldn't want to do this system with a single
> flat file.  Did you even consider the opportunities for race conditions?
> A relational database is a much better way to store this kind of data.
>
> With a database, you have two ways of securing the data, either TLS or
> once again, IPsec.  I prefer IPsec in this case because you don't make
> the database port visibly open to anyone else.  And, of course, you can
> use them both.
>
> Adding Tom's suggestion of RADIUS to IPsec and a DBMS, I think you would
> have a more perfect system.
>


-- 
"Knowledge is Power" -- Francis Bacon

Robert Leyva
mrflash818 at geophile.net



