hunting for secure fileserver-connection!

Chuck Swiger cswiger at mac.com
Sun Apr 2 20:58:05 UTC 2006


No at SPAM@mgEDV.net wrote:
> the scenario:
> - freebsd-fileserver with encrypted HDDs (GELI) (1.5TB)
> - windows (sorry for that, it's a requirement) as client
> 
> the quest:
> - securely mount shared filesystems from the server from
>   the windows client w/o being open to sniffers/network
>   hacks (non-weak encryption required)
> - files should be accessible like with windows-fileserver
>   shares through UNC and/or drive-name(s)
> - server and clients should share the same network. (no
>   tunnelling etc...)
> - authentication should be done against locally defined users
> 
> what we don't want:
> - VPN/IPSEC/... between the hosts
> - webdav
> 
> we've been looking at solutions like secure nfs over tcp,
> samba, etc... but except for making it slower, there have been
> no really good solutions yet.
> 
> anybody out there who has good advice on that?

If you don't trust CIFS/Samba enough to be secure against local sniffers, and
you won't run IPsec, you're left with odd things like Sun's SecureNFS software,
only I doubt that's available for a FreeBSD fileserver.

If you've got 1.5TB of storage, perhaps you should talk to Auspex or NetApp and
see what the NAS folk have to offer...

-- 
-Chuck

