OS X and FreeBSD: What could be a good setup
cswiger at mac.com
Mon Apr 12 15:06:14 PDT 2004
Bart Silverstrim wrote:
[ ... ]
>> Oh, yes: unless you use an encrypted tunnelling protocol like a VPN or
>> an SSH tunnel, pretty much all filesharing protocols are vulnerable to
>> subnet-local sniffing. Using strong encryption when using wireless is
>> a fine idea. :-)
> VPN would be a little strong to use for client->wap, though, wouldn't
> it? I have used VPN's for WAP<->WAP bridges, but not for a notebook
> computer to a WAP.
It depends on how much you care about your security, and whether you trust WEP
to be secure enough to fool anyone who might listen to your wireless network.
> What I HAVE used is SSH, to create a redirected series of ports. That's
> reasonably simple to open on a notebook. BUT I don't know how (or even
> *if*) it could be used to redirect CIFS connections.
You can run a PPP session over an SSH port tunnel to get a VPN without much
> How come NFS got such heavy flak for insecurity when CIFS also transfers
> in clear text over the wire?
Who knows? I guess maybe people don't expect much security from a so-called
"Windows protocol" to begin with. :-) Note that you actually can configure
NFS to use security, although I've never seen SecureRPC/SecureNFS actually
deployed anywhere so perhaps it's a moot point.
Someone sufficiently versed in the ways of CIFS can probably make that
protocol more secure, too, although it's unclear how much good that does if
all an intruder needs to do is pretend to be a Win98 system (and have fallback
for backwards compatibility zap security).
More information about the freebsd-questions