[geeks] Secure network filesystem questions

[Phil Brutsche]

Micah R Ledbetter wrote:
> I currently have a Solaris Express machine (Sun Blade 100) sharing  
> 500GB of storage via NFS. I'm on a pretty open network (one house  
> with 25 people and a shared wireless network - yes, really), and I'd  
> like to secure the access to the Solaris machine. The only clients I  
> have (for now) are Mac OS X clients.

OK

> Looking at the official docs, it seems like I need NIS/NIS+ to do  
> secure NFS - is that true? I'm hesitant to implement NIS because I  
> have zero experience with it, and I'd rather not introduce extra  
> complexity since I don't want to tinker with (AKA break) the NFS  
> server machine any more than I have to. It's housing my data, after all.

No

NIS and NIS+ are directory services.

> Is there another option for secure networked filesystems, supported  
> by Solaris and OS X? The only other thing I could come up with was  
> sshfs (via MacFUSE[0], which is still in beta) or WebDAV over https.  
> Are there any benchmarks comparing those to encrypted NFS on a 11-100  
> Mbit LAN?

Are you looking for authentication, privacy, or both?

Transport mode IPsec with AH (*not* ESP) will make sure that the packets
are from who they say they are and that they are not altered. Your data
is still plaintext.

There is also Secure RPC, but that will require a Kerberos setup.

-- 

Phil Brutsche
phil at tux.obix.com