Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Linux
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Samba vs NFS

from [Bryce Porter] Network Security [Permanent Link]
Subject: RE: Samba vs NFS
Date: Tue, 22 Feb 2005 17:08:53 -0600 
It seems everyone is failing to mention NFSv4. IIRC, it requires Kerberos and 
is supposed to be even faster and more reliable than NFSv3. It may be worth 
looking into, albeit still marked experimental in the Linux kernel, and 
probably not well supported (read: if at all) by any third-party Windows NFS 
drivers / applications.

Personally, I prefer to use samba and tunnel (ipsec, stunnel, etc) between 
networks, generally due to the timeout issues / etc, and the cross platform 
support (it is cheaper, financially as well as in labor, to support netbios 
than it is NFS across different platforms).

Generally, I would consider any implementation, whether it be samba, NFS, AFS, 
Coda, etc to be "insecure" if it were open directly to the outside world at 
all. If you are infact going from network to network across an open medium 
(read: the Internet, MAN, etc), it would be a wise from a security standpoint 
to tunnel it through some kind of crypto.

Good luck with your research and implementation.

Regards,
 
Bryce Porter .  Network Administrator
. . . . . . . . . . . . . . . . . . . . . . . . . . 
Heart Technologies, Inc. 
3105 N. Main St.
E. Peoria, il  61611
 
p. 309.427.7020  
f. 309.427.7382
e. bporter@heart.net 
w. www.heart.net
 


-----Original Message-----
From: net shark [mailto:netshark@sexmagnet.com] 
Sent: Tuesday, February 22, 2005 11:43 AM
To: focus-linux@securityfocus.com
Subject: RE: Samba vs NFS

IMHO both have a dark history when it comes to security. In the old days NFS
was a nightmare; in recent years samba has shown more holes, especially
serious remote buffer overflows, which lead to root compromise.


From the performance point of view, NFS used to be a joke, as it flooded the

network with keepalives, and although samba used broadcasts, it managed to
be better than NFS.

NFS version 3 is quite another story. It can successfully compete with samba
when it comes to performance issues. There are tests that show that NFSv3 is
generally better than samba.

Samba uses a layer of non routable protocols (Netbios). It doesn't work
between networks, without a NAT helper or some sort of tricks that emulate a
samba proxy. 
On the other hand NFS is quite happy with working between networks.

There are other options on this field like coda, AFS, etc...

Hope it helps,

                        Alex
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Samba vs NFS, Scott Fagg
Next by Date:  Re: Samba vs NFS, Frank Burkhardt
Previous by Thread:  RE: Samba vs NFS, Scott Fagg
Next by Thread:  RE: Samba vs NFS, Scott Fagg
Indexes:  [Date] [Thread] [Top] [All Lists]