On Sunday 23 December 2007 18:17:54 Aaron Kulkis wrote: > primm wrote: > >>>>>> NFS is kind of ugly itself, don't you think? > >>>>> > >>>>> Ugly? Naah! It's soooo neat. With nis and nfs anyone can login > >>>>> anywhere and get their own files and start work right after they've > >>>>> got a coffee. It just works. Just like NT server before someone > >>>>> downloded a virus. > >>>> > >>>> Well, I guess if someone else is configuring and maintaining it, sure, > >>>> it's wonderful. > >>> > >>> I setup an nfs server to export /home to 5 other clients. The same > >>> server handles nis logins. No eggageration, it took me 1/2 hour most of > >>> which was reading man exports until I discovered that Yast had read it > >>> for me already! I'll bet that some gurus on this list could do it in 5. > >>> > >>> Just curious, but what are my alternatives for nfs? > >>> Love from L > >> > >> nfs is good, it mostly just works. But v3 has drawbacks in security, so > >> if you're not in total control of the network, it might not be so good > >> > >> nfsv4 + kerberos can provide real authentication and encryption though, > >> so you still don't have to abandon nfs > > > > 4 years ago it cost me two days work and a 300 Euro installation cost > > from an engineer who also sold me the licences for my workstations. That > > was w2000. > > Wow....that's pathetically sad. > > > It was plagued by viruses and most of my hardware wan't recognised so I > > had to fork out for new machines too. 5000 Euros later. > > > > I'm now reading that Linux nfs which I installed by yast all by myself is > > also a security risk. But for gads sake, it's been up for 6 months with > > my staff reading e-mails and chatting to and from their latest boyfriends > > all through the lunch break. I use SuSEfirewall2. Setup by Yast. > > Yes, NFS is a security risk -- but as you have also discovered, > it's a very small one....substantially lower risk than any > Windows machine just being ON the internet. > > > What a mess. I can't afford to go back to commercial products at the > > moment. Other people have told me that I have no alternatives. . . What > > the ???? is nfsv4 + kerberos? Yes, I know I can google it. I just have. > > But tomorrow morining I'll be back at work and I've a date this evening. > > If I were you, I wouldn't lose any sleep over it. > NFS has been in use for a good 20 years now, and I know > of no ACTUAL exploitations of the flaws in NFS. > > It doesn't mean that they aren't there...it just means > that nobody has successfully taken advantage of them. > > The fact that major corporations like GM and Ford > continue to use NFS to this very day, without demanding > a more secure product from Unix vendors (Sun, HP, etc) > tells me that the risk is controllable to a level which > is acceptable. > > Firewalls play a big part in that equation, and you > say you use them, so you should be OK. > > > It's at times like these I wish I'd stayed with my Microsoft rep. > > > > Do I change my network back to Windows 2000? I'm not a hobbyist. Can > > anyone advise me in plain English o EspaƱol? Please, if you do not run a > > network then please do not write. > > You're fine. Stick with what you have. > > It's very easy for some spammer on the other side of the planet > to hijack your Windows machines -- all he has to do is set up > a website designed to be an attractive nuisance -- like post > a video that everyone wants to watch...and on the same page, > load up a script into your Windows machine that imports a > virus or whatever remote-control mechanism they want to use. > > > Love from Primm xx
Oh thank gad. Sense at last. Thank ?*%k for that. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
