15.7 Summary

Building on our exploration of network protocol stacks, this chapter discussed the security implications of two network filesystems: NFS and SMB. If you run a modern Unix system, the chances are very good that you have one or both of these systems installed; you may even be running them. Certainly we are.

Network filesystems were developed in an age when disks were expensive and relatively small: networked filesystems were critical for making Unix workstations economically feasible. Today, they are used largely for convenience: it is easier to administer a group of workstations if they have a common filesystem. It is easier for users to collaborate if their files are kept on a shared sever. Networked home directories make it possible for people to transparently use many different computers within an organization.

Yet in these days of fast networks and good software for replicating files, networked filesystems are less critical than they were in the past. Although these packages can be used securely, it is difficult to do so. Before you decide to adopt a network filesystem, examine your base assumptions. Then, if you decide to go ahead, be sure to audit your installation on a regular basis. Networked filesystems are a common venue for internal attacks.