On 5/3/2016 11:02 AM, Steve Gaarder wrote:
> Yes, of course we do that.  My question is whether there is also a way
> to say that some volumes cannot be accessed from outside our network
> regardless of credentials.  Would it work to put all those volumes on a
> server with a firewall that blocks access?
> 
> Steve Gaarder
> System Administrator, Dept of Mathematics
> Cornell University, Ithaca, NY, USA
> [email protected]
> 
> On Tue, 3 May 2016, Brandon Allbery wrote:
> 
>> fs sa /path/to/whatever system:anyuser none
>>

Steve,

You can put some of the file servers behind a VPN/firewall.  This is the
approach used by Stanford for their "Secure AFS" service.

  https://uit.stanford.edu/service/secureafs

Stanford has a risk classification policy for data

  https://uit.stanford.edu/guide/riskclassifications

Normal AFS is acceptable for low and moderate risk and the Secure AFS
space is also acceptable for high risk data.

The weakness with this approach is that there is nothing that prevents a
cell administrator from accidentally moving a volume within the cell
from a secure server to an insecure server.  That, and the fact that
AFS cell authentication and wire privacy still use the fcrypt
algorithm, which is notoriously weak.

AuriStorFS addresses these issues with:

 1. Security Policies (Authn, Integ, Privacy) requirements on volumes
    and file servers.  Only a file server with a security policy equal
    to or stricter than the volume policy can host the volume.  These
    policies are used to enforce the proper security posture for each
    connection that a client uses when contacting a file server.

 2. Labels.  Volumes and File Servers can be assigned arbitrary labels.
    A volume can only reside on a file server that has a superset of
    the labels assigned to the volume.

 3. The yfs-rxgk security class permits the use of the
    AES256-CTS-HMAC-SHA1-96 algorithm for encryption and provides
    perfect forward secrecy.  As soon as the IETF finishes
    standardization the AES256-CTS-HMAC-SHA384-192 algorithm will
    be supported.

In addition, AuriStorFS supports multi-factor access control entries so
it is possible to grant different permissions to

   anonymous
   user
   anonymous @ machine
   machine
   user @ machine

where "user" and "machine" are Kerberos identities.

It is worth noting that AuriStorFS also ensures that all server-to-
server communication is protected.  When AuriStorFS volservers are in
use, volume operations can be performed on networks that are not visible
to the machine the "vos" command is executed on.

Jeffrey Altman
AuriStor, Inc.
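The volume-placement rule in items 1 and 2 of the reply above, worked through as an added Python example (this is not AuriStorFS code; the three-level ordering of each policy dimension, the Endpoint class and the sample volume and server names are this example's own assumptions):

```python
from dataclasses import dataclass

# Assumed ordering of each policy dimension: higher index = stricter.
LEVELS = {"none": 0, "optional": 1, "required": 2}
DIMENSIONS = ("authn", "integ", "privacy")

@dataclass(frozen=True)
class Policy:
    authn: str = "none"
    integ: str = "none"
    privacy: str = "none"

    def at_least(self, other: "Policy") -> bool:
        """True when self is equal to or stricter than other on every dimension."""
        return all(LEVELS[getattr(self, d)] >= LEVELS[getattr(other, d)]
                   for d in DIMENSIONS)

@dataclass(frozen=True)
class Endpoint:
    """A volume or a file server: a name, a security policy and a label set."""
    name: str
    policy: Policy
    labels: frozenset = frozenset()

def placement_violations(vol: Endpoint, srv: Endpoint) -> list:
    """Reasons srv may not host vol; an empty list means the move is allowed."""
    reasons = []
    if not srv.policy.at_least(vol.policy):
        reasons.append(f"{srv.name}: policy weaker than required by {vol.name}")
    missing = vol.labels - srv.labels          # server must hold a superset
    if missing:
        reasons.append(f"{srv.name}: missing labels {sorted(missing)}")
    return reasons

def can_host(vol: Endpoint, srv: Endpoint) -> bool:
    return not placement_violations(vol, srv)

# Constructed sample data (hypothetical names): a high-risk volume, the server
# meant for it, and an ordinary server an accidental move might otherwise target.
STRICT = Policy("required", "required", "required")
HIGH_RISK = Endpoint("user.grants", STRICT, frozenset({"high-risk", "secure-net"}))
LOW_RISK = Endpoint("pub.www", Policy("none", "optional", "none"))
SECURE_SRV = Endpoint("afs-secure1", STRICT, frozenset({"high-risk", "secure-net"}))
PLAIN_SRV = Endpoint("afs1", Policy("optional", "optional", "none"))

if __name__ == "__main__":
    for vol in (HIGH_RISK, LOW_RISK):
        for srv in (SECURE_SRV, PLAIN_SRV):
            print(vol.name, "->", srv.name, placement_violations(vol, srv) or "allowed")
```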
