Re: NFS and Backups

• Previous message: platanthera: "Re: Updating newly installed FreeBSD-5.2.1"
• In reply to: cpghost: "Re: NFS and Backups"
• Next in thread: Tillman Hodgson: "Re: NFS and Backups"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: <cpghost@cordula.ws>
Date: Sun, 4 Jul 2004 08:47:49 -0400

Hmm, Perhaps a complete layout and network explanations is in order here....

- I have a total of 5 servers, all running freebsd.
- All servers have two NICS, 1 LAN and 1 WAN, all are hardwired to my
switch. (No wireless involved.
- The switch IS configured to allow WAN access to WAN ports only, and LAN
access to LAN ports only.
- WAN is using serveral hundered IPS on serveral subnets. LAN is using a
single ssubnet of 254 (using the 192.168 scema).
-The servers are locked in a very secure cage, accesssable by me, my partner
(who never goes there), and a bonded network technician.
- Peerl 1 is the Colo provider (In the Toronto NOC).
- Two of my servers are our primary and secondary nameservers. The other
three use those nameservers excelusively.
- The hosts files include two names for each server, the fully qualified
domain i.e. "machine1.mydomain.com" and the LAN name which is just the local
machine name i.e. "machine1"
- The exports files use the local machine name only i.e.
"/backups -alldirs -maproot=0 machine1 machine2 ..."
-Just to be clear, each machine is plugged directly into the main switch
shown below, no hubs or anything in between.
Here is the layout:

POP
|
|
|
Perr1 Router-------------------------------
                                           |
                __________________My Switch (Dell 3324)______________
                | | | | | | | | | |
                Lan Wan Lan Wan Lan Wan Lan Wan Lan Wan
                Machine1 Machine2 Machine3 Machine4 Machine5

----- Original Message -----
From: "cpghost" <cpghost@cordula.ws>
To: <gpeel@thenetnow.com>
Cc: <cswiger@mac.com>; <freebsd-questions@freebsd.org>
Sent: Saturday, July 03, 2004 9:12 PM
Subject: Re: NFS and Backups

> > > > I have recently decided to use some extra disk space on one of my
> > servers as
> > > > backup space. I have NFS client and Servers running OK, but was
> > wondering how
> > > > secure it really is.
> > >
> > > NFS is not secure at all. If you don't trust the local subnet, don't
use
> > NFS
> > > there. Certainly don't use NFS across the Internet, unless using a
secure
> > > tunnelling/VPN protocol....
> >
> > So, If I set the exports so that it used 192.168.x.x, and, my managed
switch
> > is only set to alow members of my vlan to use those IPs, I should be OK
in
> > that case?
>
> Careful here! If you have a WLAN access point hooked to your switch,
> you're still vulnerable to war driving. Even if you don't use wireless
> LAN, you still have to be sure that the client can't be replaced
> with a rogue machine without you immediately knowing it (it happens
> in real life more frequently than you think, esp. in big offices
> with lots of computers). If you could avoid NFS for backups, then
> by all means, you should try. As said, building reliable backup/restore
> as well as ad hoc file swapping schemes on top of scp and ssh is a tried
> and quite secure method.
>
> --
> Cordula's Web. http://www.cordula.ws/
>
>

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

• Previous message: platanthera: "Re: Updating newly installed FreeBSD-5.2.1"
• In reply to: cpghost: "Re: NFS and Backups"
• Next in thread: Tillman Hodgson: "Re: NFS and Backups"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]