Manualshelf

Open System Services NFS Management and Operations Guide

ManualsBrandsHP ManualsServerHP NonStop G-Series
61626364656667686970
For information about the NFSPERMMAP attribute, see “OSS Fileset NFSPERMMAP Attribute
(page 63) and the Open System Services Management and Operations Guide.
Special OSS NFS Security Risks
Networks introduce particular security risks. This topic describes those risks that can affect OSS
NFS operations.
Global ID Space
The NFS protocol assumes a global ID space. This means that two NFS users with the same user
IDs are indistinguishable to the NFS server, even if they are on different hosts, and they will have
equal access to any NFS data and services. As a result, the system administrator must ensure that
every NFS user has a distinct user ID.
Client Authentication
OSS NFS servers do not authenticate IDs supplied by clients. The server accepts whatever user ID
and group ID information the client supplies. The OSS NFS servers can (if CHECK-ADDR is ON)
authenticate a file request by matching the node name with the IP address (neither of which is
secret or unforgeable) of the system making the request. However, the OSS NFS servers do not
authenticate the user. On OSS NFS filesets exported to systems where access is not controlled
(common on PC-class workstations) someone could simply execute the SU command to impersonate
the rightful owner of a file.
In addition, OSS NFS does not check whether client requests originate from privileged ports. That
is, the OSS NFS server cannot determine whether a request originates from the client’s operating
system or from a user process.
Risks From Eavesdropping
Given root access and a good knowledge of network programming, anyone can inject arbitrary
data into the network and pick up data from it. On a LAN, packets reach all machines, including
the server, at the same time. Therefore, a machine cannot capture packets before they reach their
destination and then change their contents and send them on their way. However, this deception
is possible through a gateway, so make sure that you trust all gateways on the network.
The most dangerous security problems affect data integrity. One can impersonate a user by
generating correct packets or recording conversations and replaying them later. Passive
eavesdropping (merely listening to network traffic without impersonating anybody) is not as
dangerous, because data integrity is not affected. However, users might consider encrypting
network data to protect the privacy of sensitive information.
Risks From Masquerading
An OSS NFS request message includes both the requester’s host name and the requester’s IP
address. An OSS NFS client can provide a false host name, and therefore masquerade as another
valid host on the network. To verify that IP addresses correctly correspond to locally defined host
names, set the IP-ADDR-CHECK attribute of the LAN interface process to TRUE. However, be aware
that neither the host names nor the IP addresses are secret or unforgeable.
NOTE: The mapping between host names and IP addresses is managed either by using a hosts
file or through the DNS network-based name-resolver facilities.
Security Considerations When Configuring OSS NFS
None of the security features provided by OSS NFS are effective unless the subsystem is configured
properly. When configuring the OSS NFS subsystem, take the following points into consideration.
62 OSS NFS Security