Re: Transport Mode IPSEC
You don't trust your own switch?

You're making a common mistake here. You're confusing application
security with environment security. If an environment is insecure,
you cannot make it secure by mucking with the application (i.e.
hiding it in a tunnel).

For example, you cited ARP cache poisoning on an Ethernet network.
Running ipsec will not protect against this. If your Ethernet environment
is insecure (i.e. you're using unmanaged switches) and it's got hostiles
on it, you can run all the ipsec you want; an attacker can DoS your
NFS server with an ARP cache poison, no problem. Or assume the
MAC of your default gateway and knock all users offline.

If you correct the environment security, then the application is
protected. For example, you put in a decent managed switch, you
set up rate-limiting on it, you set up MAC/IP address filters, and
you're now secure on your local LAN.

Basically, what you're trying to do - use ipsec to encrypt NFS on a local
LAN - is unnecessary, adds overhead, and what you want to have happen
is better done by other mechanisms.

If you're running NFS over a WAN connection, where ipsec encryption
would have some validity, well, NFS isn't a good protocol for
such a connection. Copying a file is going to be slow. WANs are
unreliable, and you don't want your NFS mounts vanishing without
being unmounted. sftp would be a much better choice, I think.

NFS isn't inherently insecure unless it's improperly deployed. I would
consider deploying NFS on a hostile ethernet network that is not secured,
to be an improper deployment and I think any security professional would
agree.

This discussion is like when Microsoft made packet signing mandatory
in SMB in Windows XP. They said "this will enhance the security of
SMB." No, it didn't. SMB packets in Real Life are almost always on
a local LAN, and most of those are switched. All that did is break
connections to UNIX Samba servers (which was probably the real
reason they did it).

Ted

----- Original Message -----
From: "Dan Mahoney, System Admin" <danm@xxxxxxxxxxxxxxx>
To: "Ted Mittelstaedt" <tedm@xxxxxxxxxxxxxxxx>
Cc: <questions@xxxxxxxxxxx>
Sent: Thursday, January 18, 2007 12:06 AM
Subject: Re: Transport Mode IPSEC


On Wed, 17 Jan 2007, Ted Mittelstaedt wrote:

Dan,

You do realize, don't you, that since both of these hosts are on a switch,
and are using unicast traffic to communicate with each other, they
cannot be sniffed?

That implies trust of the switch, trust against arp-cache poisoning, and
the like. The idea of ipsec is not trusting the wire.

With NIS/NFS known for being this inherently secure, would it get me a
better answer if I said "with only a single router between them"?

-Dan


--


--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------



_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
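The layer-2 attacks Ted describes above (a host taking over the default gateway's or the NFS server's IP by ARP, or flooding gratuitous ARP replies) happen below IP, so neither IPsec nor NFS itself ever sees them; what does see them is a sniffer or a managed switch. The following is an added example, not code from either poster or from FreeBSD: arpwatch-style detection logic in Python, run over a constructed list of ARP replies as a sniffer would expose them. The addresses, the gateway MAC and the thresholds are assumptions made up for the example.

```python
"""ARP cache poisoning detector over a constructed list of ARP replies.

Added example for the thread above, not code from the original posters or
from FreeBSD. Input records are (seconds, sender IP, sender MAC) as a
sniffer such as `tcpdump -e arp` would show them. Three things are flagged:
a MAC other than the known gateway MAC claiming the gateway IP, an IP whose
MAC binding changes (arpwatch's "flip flop"), and one MAC sending more ARP
replies than a rate limit allows inside a sliding window.
"""
from collections import defaultdict, deque

# Assumed LAN facts for the example (hypothetical addresses/thresholds).
GATEWAY_IP = "192.168.1.1"
GATEWAY_MAC = "00:11:22:33:44:01"   # MAC the gateway is known to use
RATE_WINDOW_S = 2.0                 # sliding window for the reply-rate check
RATE_LIMIT = 20                     # replies per window per MAC before alerting

# Constructed capture: the first three replies are the legitimate gateway,
# NFS server and NFS client; then a host at de:ad:be:ef:aa:bb claims the
# gateway and the server and keeps flooding replies for the gateway IP.
SAMPLE_REPLIES = [
    (0.0, "192.168.1.1",  "00:11:22:33:44:01"),   # gateway
    (0.5, "192.168.1.10", "00:11:22:33:44:10"),   # NFS server
    (1.0, "192.168.1.20", "00:11:22:33:44:20"),   # NFS client
    (1.2, "192.168.1.1",  "de:ad:be:ef:aa:bb"),   # attacker claims gateway
    (1.3, "192.168.1.10", "de:ad:be:ef:aa:bb"),   # attacker claims NFS server
] + [(1.3 + i * 0.05, "192.168.1.1", "de:ad:be:ef:aa:bb") for i in range(1, 30)]


def detect_arp_poisoning(replies, gateway_ip=GATEWAY_IP, gateway_mac=GATEWAY_MAC,
                         window=RATE_WINDOW_S, limit=RATE_LIMIT):
    """Return a list of (time, kind, detail) alerts, one per distinct event.

    kinds: "gateway_spoof" (another MAC claims gateway_ip),
           "ip_flip"       (an IP's MAC binding changed),
           "reply_flood"   (one MAC exceeded `limit` replies within `window`).
    """
    alerts = []
    reported = set()                # (kind, subject) keys already alerted on
    binding = {}                    # ip -> MAC currently believed to own it
    recent = defaultdict(deque)     # mac -> timestamps of its recent replies

    def alert(key, t, kind, detail):
        # One alert per distinct (kind, subject): a flood of identical spoofed
        # replies should not produce a page of duplicate lines.
        if key not in reported:
            reported.add(key)
            alerts.append((t, kind, detail))

    for t, ip, mac in replies:
        mac = mac.lower()
        if ip == gateway_ip and mac != gateway_mac.lower():
            alert(("gateway_spoof", mac), t, "gateway_spoof",
                  f"{mac} claims gateway {ip}")
        prev = binding.get(ip)
        if prev is not None and prev != mac:
            alert(("ip_flip", ip, mac), t, "ip_flip", f"{ip} moved {prev} -> {mac}")
        binding[ip] = mac
        q = recent[mac]
        q.append(t)
        while t - q[0] > window:    # drop replies that fell out of the window
            q.popleft()
        if len(q) > limit:
            alert(("reply_flood", mac), t, "reply_flood",
                  f"{mac}: {len(q)} replies in {window}s")
    return alerts


if __name__ == "__main__":
    for t, kind, detail in detect_arp_poisoning(SAMPLE_REPLIES):
        print(f"t={t:5.2f}s {kind:14s} {detail}")
```

On the constructed capture this yields four alerts: one gateway spoof, two IP flips (gateway and NFS server both moving to the attacker's MAC) and one reply flood. A detector like this only tells you the LAN is hostile after the fact; the actual fix is the one Ted describes (port security, MAC/IP filtering and ARP rate limiting on a managed switch), or at minimum pinning the gateway and server entries statically on the hosts with `arp -s`.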


