Securing the Network File System (NFS)
The Network File System (NFS), currently in Version 3, is a popular but not particularly secure system. In its regular security mode, it is relatively easy to gain unauthorized access to NFS-shared file systems (and sometimes the NFS servers themselves), because NFS does not use strong authentication or encryption. For the same reason, data transferred over NFS may be eavesdropped on while in transit, thus compromising privacy. However, there are few things you can do to make NFS less vulnerable to attacks and minimize losses from successful attacks:
Share file systems as read-only whenever possible (share -o ro) .
Do not recognize Set User ID (SUID) on shared file systems (share -o nosuid) .
Use only Diffie-Hellman ...
Get Solaris 8 Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
