| View previous topic :: View next topic |
| Author |
Message |
Luc484
Veteran
Joined: 26 Mar 2005
Posts: 1035
Location: Italy
|
 Posted: Mon Aug 22, 2005 5:22 pm Post subject: [Solved] nfs and wireless network |
 |
|
Hi. I've been using for some time the nfs to share directories through some of my pcs. It is great and very simple. I setup it to export some directories to specific IPs, since I have static IPs in my LAN. Now, I'm getting a wireless access point to allow some other pcs and laptops to access the same LAN. The problem I'm thinking about is this: I read that this wireless access point can reach a signal with a radius of 450m. This means that anyone can connect and mount my filesystems. Isn't this true? Is it possible to request a password before allowing the mount?
Thanks.
Last edited by Luc484 on Mon Sep 05, 2005 7:00 pm; edited 1 time in total |
|
| Back to top |
|
 |
adsmith
Veteran
Joined: 26 Sep 2004
Posts: 1386
Location: NC, USA
|
| Posted: Mon Aug 22, 2005 6:26 pm Post subject: |
|
|
perhaps not mount, but NFS is all sent unecrypted. they can jsut tcpdump and watch for files fly by.
use kerberos with NFS or use (more easily) shfs if you want secure file transfer.
Alternatively, you could decide if it's really a risk. Afterall, in my case someone who is polling my wireless network must be in my driveway, so I'd go punch them in the nose. |
|
| Back to top |
|
|
Taladar
Guru
Joined: 09 Oct 2004
Posts: 458
Location: Bielefeld, Germany
|
| Posted: Mon Aug 22, 2005 6:29 pm Post subject: |
|
|
| You could also use IPsec. |
|
| Back to top |
|
|
Luc484
Veteran
Joined: 26 Mar 2005
Posts: 1035
Location: Italy
|
| Posted: Mon Aug 22, 2005 9:56 pm Post subject: |
|
|
I've been looking to these things you suggested. But, if I understood correctly, IPsec for example is a way to avoid someone from being able to read some packages which are being transfered. Is this correct? But, if these packages are sent to you, then you have no problems in reading them. I mean, now, everyone who has a certain IP address, and id connected to my LAN, can mount some filesystems I exported. If I configure this wireless connection, then, IPsec can help me only partially. Packages which are to be sent to my pc are secured, but none can assure me that someone else can mount my filesystems and request some files, am I wrong? Those packages are readable then. In this situation IPsec cannot help me completely, I think. Did I get the point?
I read something about shfs and kerberos as well, but, from what I can see, this problem remains.
Thanks for anything. |
|
| Back to top |
|
|
adsmith
Veteran
Joined: 26 Sep 2004
Posts: 1386
Location: NC, USA
|
| Posted: Mon Aug 22, 2005 10:02 pm Post subject: |
|
|
shfs is about as secure as you can possibly get, since they'd have to hack ssh to gain access.
it is, however, much slower than NFS, since the machines have to encrypt/decrypt everything. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
