On Fri, 26 May 2000 10:14:03 CDT, Brian(_dot_)Rubarts(_at_)born(_dot_)com said:
A network server will still authenticate user requests. Only the host
needs to be authenticated with the disk/disks.
Hmm.
Isn't this security model the cause of most grumbling regarding NFS security?
If the larger network that is employing this technology doesn't hire a decent
consultant, you might be right. If they do, it will ALWAYS be behind a
firewall :-)
Double Hmm..
Odd.. I thought we had a clue about security. The guys at SANS just
gave us a 'Technology Leadership Award'. I just walked across the hallway,
and I didn't see any firewall in our router swamp.
I guess because we don't have a firewall, we don't have a clue. Or because
we don't have a firewall, we can't deploy this technology. Somehow, that
doesn't smell right.
the server and storage devices could be in a VLAN or something to deny direct
hack
attempts against the storage device, but the chink in the armor is how
hardened is
your OS?
If your OS is hardened enough, a firewall may not be appropriate.
"New from Kellogs - Firewalls cereal - part of this *COMPLETE* and *BALANCED*
security breakfast".
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech