
secure NIS and NFS like services (was Re: networking)

> If there is something you don't trust, see if you can place it on a box
> not so vital to your business.

Obviously that would be the best solution but it's not always
possible.  The point of the question was whether or not it's possible
to get NIS and NFS like services without opening yourself up to that
much risk.

Let's say we have a single Solaris box running everything on our
system.  It has to be a Solaris box for some reason -- one of the
services we have to provide will only run on Solaris.

Some of the services expose us to risk -- shell service, for example,
is dangerous.  Other services aren't so risky.  So we decide that it
would be nice if we could separate off the risky services from the
not so risky services on different machines, and tie them together
with NIS and NFS.  If the box with the risky services on it falls, the
not so risky services box would still be safe, hopefully.  And
remember, one of our risky services has to run on Solaris (just to
make the problem more interesting).

The problem with that is that if someone gets root on one box, NFS
exposes us to a "domino effect" -- it puts the other boxes at risk.
So we're not getting that much of a win from splitting things off.

Are there ways to get NFS and NIS like services that don't expose you
to this domino effect?

There are solutions out there, but nothing seems to be general.  Sun
has NIS+, but that doesn't do me any good if I want to run OpenBSD and
Solaris together.  The Coda file system seems to be a lot safer than
NFS, but that isn't supported everywhere either.  Even IPsec, which
protects the link, but doesn't address problems in underlying
protocols, doesn't seem to run on Solaris.

So what I'd like to know is how experienced OpenBSD security gurus
solve these problems, if they solve them at all.  Is it possible to
secure NFS, at least on the OpenBSD side?  Do they use AFS?  Is AFS an
expensive solution?  And what, if anything, exists for the NIS side of
the problem?