Re: [OpenAFS] AFS in the age of the wild west internet

On 5/3/2016 11:02 AM, Steve Gaarder wrote: > Yes, of course we do that. My question is whether there is also a way > to say that some volumes cannot be accessed from outside our network > regardless of credentials. Would it work to put all those volumes on a > server with a firewall that blocks

RE: [OpenAFS] AFS in the age of the wild west internet

Yes, of course we do that. My question is whether there is also a way to say that some volumes cannot be accessed from outside our network regardless of credentials. Would it work to put all those volumes on a server with a firewall that blocks access? Steve Gaarder System Administrator,

Re: [OpenAFS] AFS in the age of the wild west internet

> On 4 Mar 2016, at 15:04, Steve Gaarder wrote: > > How safe is it to leave AFS open to the world? The answer to this depends on a wide variation of factors, including your threat model, and individual risk assessments. The most important consideration here is how

Re: [OpenAFS] AFS in the age of the wild west internet

On 03/04/2016 04:04 PM, Steve Gaarder wrote: While I really like the concept of AFS as a world-wide filesystem, I'm starting to wonder if it's a good idea in the modern age of cyberattacks. How safe is it to leave AFS open to the world? Some of the data we store in AFS does not need to be

RE: [OpenAFS] AFS in the age of the wild west internet

fs sa /path/to/whatever system:anyuser none -Original Message- From: openafs-info-ad...@openafs.org [mailto:openafs-info-ad...@openafs.org] On Behalf Of Steve Gaarder Sent: Friday, March 4, 2016 10:05 AM To: openafs-info@openafs.org Subject: [OpenAFS] AFS in the age of the wild west

[OpenAFS] AFS in the age of the wild west internet

While I really like the concept of AFS as a world-wide filesystem, I'm starting to wonder if it's a good idea in the modern age of cyberattacks. How safe is it to leave AFS open to the world? Some of the data we store in AFS does not need to be accessed from outside of our network; is there a