Date: Fri, 31 Oct 1997 09:18:03 -0700 From: Kenneth Ingham <ingham@i-pi.com> To: security@freebsd.org Subject: NIS: how secure is it? Message-ID: <19971031091803.02389@socrates.i-pi.com>
next in thread | raw e-mail | index | archive | help
One of my clients has a firewall. The external network has three FreeBSD machines on it (plus a router, of course): mail ftp/www authentication server server server The network to which these machines are connected is completely inside of the machine room, and is considered secure from taps by the bad guys (if this assumption is violated, we have much bigger problems). Currently each machine has a separate password file, along with the maintenance headaches that accompany such a setup. They all really need a shared password file. The machines are separate to provide a bit of isolation---in case one is compromised, we want to keep the damage as contained as possible. The kerberos docs specifically recommend against using it as a common password file between machines which will be used by more than one person at a time. That leaves me with NIS. Can I trust NIS if I set it up as follows? The authentication server is the NIS master. This machine has nearly no network services running (only ssh and telnet+s/key required and tcp wrappers on these), and has schg flags on most every file, set at time of install. Making it the master and each other machine a slave means that the master doesn't have to have another open port; it generates all the traffic. The other two machines are NIS slave servers. The only network traffic should be when someone changes a password, and the master pushes the update to the slaves. Losing a machine doesn't affect the others (except the auth server being down prevents password changes). What kind of exposure do I have if the mail or ftw machine is broken into? I would assume that we're open to password guessing if root is compromised. Right now, we have the same exposure, except that each machine has a different password file, so it could be possible for people to have different passwords on each machine (I doubt it, and I initialized the ftp server with the password file from the mail server). Comments? Kenneth
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19971031091803.02389>