From owner-freebsd-security  Fri Jan 12 10:23:24 2001
Delivered-To: freebsd-security@freebsd.org
Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17])
	by hub.freebsd.org (Postfix) with ESMTP id 20BBF37B69E
	for <freebsd-security@freebsd.org>; Fri, 12 Jan 2001 10:23:06 -0800 (PST)
Received: from roman (helo=localhost)
	by jamus.xpert.com with local-esmtp (Exim 3.12 #5)
	id 14H8qo-0006YL-00; Fri, 12 Jan 2001 20:22:58 +0200
Date: Fri, 12 Jan 2001 20:22:58 +0200 (IST)
From: Roman Shterenzon <roman@xpert.com>
To: Artem Koutchine <matrix@ipform.ru>
Cc: <freebsd-security@freebsd.org>
Subject: Re: Encrypted networked filesystem needed
In-Reply-To: <00aa01c07cbd$71209dc0$0c00a8c0@ipform.ru>
Message-ID: <Pine.LNX.4.30.0101122013350.25136-100000@jamus.xpert.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 12 Jan 2001, Artem Koutchine wrote:

> Hello!
>
> I need a networked filesystem which tranfers files  from
> host to host in encrypted manner or can be tunnelled
> over SSL (say, using stunnel).
>
> NFS cannot be tunneled even when run in TCP mode because
> of rpc stuff
>
> I also heard of and have read about AFS and CODA, but it seems
> like they do not support encryption, but maybe they could be tunneled.
>
> Samba CAN be tunnelled but, IMHO, Samba plain
> sux and we use it only for windows boxes which need to access unix
> files.
>
> So, is there a file system which support encryption and can AFS or CODA
> be tunneled? Can AFS and CODA even substitute NFS (in terms of
> functionality and convinices)?

If IPSec is supported on both sides, it is the best available solution.
You'll get a completely transparent encryption and a powerful NFSv3
server/client. Did I mention that FreeBSD rocks?
This way all network services will be secured and since the most of IPSec
(AH/ESP) is done in the kernel mode, it'll be quite fast even on
moderate hardware.

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message