Security issues with NFS on web server


Post by Keegan Al » Wed, 13 Nov 2002 01:02:11



Hello,

I was hoping to share-out my htdocs folder via NFS to another system
on my network, but this server is a webserver and has unrestricted
access to the Internet.  Is NFS secure enough to do this?  If I open
it and specify only another system on my network -- 10. range - am I
opening up myself to attacks ?

Just checking.  Thanks for the help.

Keegan.

 
 
 


Post by Tim Hayne » Wed, 13 Nov 2002 01:20:18



> I was hoping to share-out my htdocs folder via NFS to another system on
> my network, but this server is a webserver and has unrestricted access to
> the Internet. Is NFS secure enough to do this? If I open it and specify
> only another system on my network -- 10. range - am I opening up myself
> to attacks ?

You've got plaintext transfer of stuff, you've got reliance on nothing more
than the UID of the person mounting it on the client end, you've got
performance and locking worries, ...

Have you considered WebDAV instead? Presumably if you've got an htdocs
folder then you've already got a web-server on the box for some reason,
so... :)

~Tim
--

Take death on wheels / Re-create the land   |http://spodzone.org.uk/

 
 
 


Post by Jim Levi » Wed, 13 Nov 2002 09:01:52



> Hello,

> I was hoping to share-out my htdocs folder via NFS to another system on my
> network, but this server is a webserver and has unrestricted access to the
> Internet.  Is NFS secure enough to do this?  If I open it and specify only
> another system on my network -- 10. range - am I opening up myself to attacks
> ?

Have you considered using rsync to keep the local copy of your htdocs dir in
sync with a copy on the webserver?

For security reasons, it would be a "good thing" to use an IPtables local
firewall on the web server to protect it from malicious Internet access.
Typically a web server only needs to allow inbound HTTP/HTTPS and possibly FTP
connections.
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
 The instructions said to use Windows 98 or better, so I installed RedHat

 
 
 


Post by Nico Kadel-Garci » Wed, 13 Nov 2002 13:34:27



> Hello,

> I was hoping to share-out my htdocs folder via NFS to another system
> on my network, but this server is a webserver and has unrestricted
> access to the Internet.  Is NFS secure enough to do this?  If I open
> it and specify only another system on my network -- 10. range - am I
> opening up myself to attacks ?

Keeping it internal is quite common: it relies on the firewall somewhat.

NFS is famous for all sorts of * security holes: as a minimum, I'd block
the NFS ports at your firewall and restrict the NFS access to read-only if
possible.
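
Added example, not part of any post in this thread: a small audit of `/etc/exports` entries for the points raised above (export to a single host only, read-only, no reliance on client-side root). The sample file, paths and addresses are constructed; line continuations and netgroups are not handled.

```python
import re

# Constructed sample /etc/exports content (paths and addresses are made up).
SAMPLE_EXPORTS = """\
# web content
/var/www/htdocs 10.0.0.5(ro,root_squash,sync)
/var/www/htdocs-rw 10.0.0.5(rw,no_root_squash)
/srv/share *(ro)
/srv/oops 10.0.0.5 (rw)
/srv/net 10.0.0.0/8(ro)
"""

# "host(opt,opt)", "host" alone, or "(opt,opt)" alone (which means any host).
CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")

def audit_exports(text):
    """Return (path, client_spec, finding) tuples for risky export entries."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        # A path with no client list is exported to everyone.
        for spec in clients or [""]:
            m = CLIENT_RE.match(spec)
            if not m:
                findings.append((path, spec, "unparsable client spec"))
                continue
            host = m.group(1)
            opts = set(filter(None, (m.group(2) or "").split(",")))
            if host in ("", "*"):
                # Also catches the classic "host (rw)" typo: the space makes
                # "(rw)" a separate entry that applies to any host.
                findings.append((path, spec, "exported to any host"))
            elif any(c in host for c in "/*?"):
                findings.append((path, spec, "network or wildcard, not one host"))
            if "rw" in opts:  # ro is the default when neither is given
                findings.append((path, spec, "writable export"))
            if "no_root_squash" in opts:  # root_squash is the default
                findings.append((path, spec, "client root trusted as root"))
    return findings

if __name__ == "__main__":
    for path, spec, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path}: {spec or '(no client list)'}: {finding}")
```
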

 
 
 
