Re: FC5, Firefox, NFS /home

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Garry T. Williams wrote:
> On Tuesday 20 June 2006 04:31, Keith G. Robertson-Turner wrote:
>> Dan wrote:

>>> I have an FC5 server which has exported /home via NFS. Client
>>> machines automount /home.

>> Using /home as a network share is inherently insecure,

> What does that mean?

Threats To Server Security
https://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/security-guide/s1-risk-serv.html

######
"Inherently Insecure Services

Even the most vigilant organization that does their job well and keeps
up with their daily responsibilities can fall victim to
vulnerabilities if the services they choose for their network are
inherently insecure. There are certain services that were developed
under the assumption that they will be used over trusted networks;
however, this assumption falls short as soon as the service becomes
available over the Internet.
<...>
Another example of insecure services are network file systems and
information services such as NFS or NIS which are developed explicitly
for LAN usage but are, unfortunately, extended to include WANs (for
remote users). NFS does not, by default, have any authentication or
security mechanisms configured that will prevent a cracker from simply
mounting the NFS share and accessing anything contained therein. NIS,
as well, has vital information that must be known by every computer on
a network, including passwords and file permissions, within a plain
text ACSII or DBM (ASCII-derived) database. A cracker can take this
database and find the passwords of each and every user on a network,
including the administrator."
######

Or IOW:
Private data ($HOME) should be isolated from potentially publicly
accessible network shares, even if there are other security mechanisms
in place to safeguard it (firewall), since those mechanisms could
potentially be compromised by vulnerabilities. If that data is
isolated from inherently insecure services, the risks are reduced
considerably.

--
K.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux