Date: Mon, 13 Dec 1999 23:29:20 -0500 (EST) From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> To: a.genkin@utoronto.ca (Arcady Genkin) Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Merging 2 servers? Message-ID: <199912140429.XAA75895@cc942873-a.ewndsr1.nj.home.com> In-Reply-To: <87ln6ydzul.fsf@main.wgaf.net> from Arcady Genkin at "Dec 13, 1999 09:24:02 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Arcady Genkin wrote, > "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> writes: > > > Before you even consider NIS or NFS, I think you need to think about > > your security model. I would guess every student in the building does > > not physically use these machines, but rather there is some LAN the > > teachers and students connect too? With NIS/NFS, if one host on the > > network is comprimised... Game over. Or if some bright pre-teen brings > > in a laptop and plugs it in to the LAN, they gotcha. Want students to > > be able to read each others' mail or *gasp* the teachers' mail and > > files? (And do you really trust all of those teachers too? ;) > > Could you elaborate on how a kid with a laptop would be able to > compromise the above setup? Well, we all know NFS _really_ stands for No F***ing Security, right? Information is transfered unencrypted and authetication is by IP address alone. Anyone who can sniff the LAN and spoof IP packets can have their way with you. So... anyone with a laptop that can plug into the LAN can sniff the tracffic and see who is talking. From there, spoof one of the machines that you overheard and the rest is history. As for NIS? Well, information is transfered unencrypted and authentication is by IP address alone. Yada-yada... you know the rest. -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199912140429.XAA75895>