NFS and Backups

[cpghost]

> > > I have recently decided to use some extra disk space on one of my
> servers as
> > > backup space. I have NFS client and Servers running OK, but was
> wondering how
> > > secure it really is.
> >
> > NFS is not secure at all.  If you don't trust the local subnet, don't use
> NFS
> > there.  Certainly don't use NFS across the Internet, unless using a secure
> > tunnelling/VPN protocol....
> 
> So, If I set the exports so that it used 192.168.x.x, and, my managed switch
> is only set to alow members of my vlan to use those IPs, I should be OK in
> that case?

Careful here! If you have a WLAN access point hooked to your switch,
you're still vulnerable to war driving. Even if you don't use wireless
LAN, you still have to be sure that the client can't be replaced
with a rogue machine without you immediately knowing it (it happens
in real life more frequently than you think, esp. in big offices
with lots of computers). If you could avoid NFS for backups, then
by all means, you should try. As said, building reliable backup/restore
as well as ad hoc file swapping schemes on top of scp and ssh is a tried
and quite secure method.

-- 
Cordula's Web. http://www.cordula.ws/