[ale] Linux NAS Distributio

Bob Toxen transam at verysecurelinux.com
Mon Jul 9 01:14:23 EDT 2007


NFS has security vulnerabilities.  I recommend NOT using it via UDP
unless you are in a SECURE network behind a firewall.  Instead use it
via TCP.  I suggest not using it at all unless on a SECURE network
behind a firewall.

It's security is based on the generally false assumption that packets
(e.g., UDP packets) will not be spoofed and that on every system on
the network, only a trusted SysAdmin will send packets from or receive
packets to a port number below 1024.  That assumption has been false
for at least a decade as any hacker can connect his or her Windows
or Linux laptop to a network and spoof traffic from "trusted" systems.

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
Quality spam and virus filters.

On Sat, Jul 07, 2007 at 07:23:59PM -0400, Jerald Sheets wrote:
> The thing I'm finding interesting here is I'm not sure what the scoop  
> is on your requirements.
> 
> Before we went Netapp, we were using straight OpenSuSE and mounting  
> NFS via UDP  (i.e. /www mounted to the nases share)
> 
> 
> Is there something I'm missing in the requirement for you?  I mean,  
> if it'll handle a few million a day for us...
> 
> --j
> 
> 
> On Jul 7, 2007, at 2:34 PM, Christopher Fowler wrote:
> 
> > After playing around with FreeNAS I kinda like it.  It may not be  
> > Linux
> > but it seems to do a decent job.  I looked at Openfiler and it  
> > appeared
> > that neither it nor FreeNAS had support for making backups to DVD's.
> > Maybe in a later version.  I'm trying to learn FreeNAS now under  
> > vmware.
> >
> >
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale



More information about the Ale mailing list