15.7 Summary
Building on our exploration of network protocol stacks, this chapter
discussed the security implications of two network filesystems: NFS
and SMB. If you run a modern Unix system, the chances are very good
that you have one or both of these systems installed; you may even be
running them. Certainly we are.
Network filesystems were developed in an age when disks were
expensive and relatively small: networked filesystems were critical
for making Unix workstations economically feasible. Today, they are
used largely for convenience: it is easier to administer a group of
workstations if they have a common filesystem. It is easier for users
to collaborate if their files are kept on a shared server. Networked
home directories make it possible for people to transparently use
many different computers within an organization.
Yet in these days of fast networks and good software for replicating
files, networked filesystems are less critical than they were in the
past. Although these packages can be used securely, it is difficult
to do so. Before you decide to adopt a network filesystem, examine
your base assumptions. Then, if you decide to go ahead, be sure to
audit your installation on a regular basis. Networked filesystems are
a common venue for internal attacks.