User manual
Etherboot User Manual
C.9. NFS
While NFS is very convenient for installing diskless machines, it provides almost no security. Data is
transmitted unencrypted, and authorization is based solely on the source IP address. Anybody who
can forge ethernet packets has full access to any data that is available via NFS. While there are
protocol extensions that try to address these shortcomings, I am not aware of any solution for Linux based
machines. This means you have to assume that all exported filesystems are freely readable and writable.
Bear this in mind when deciding which data you intend to export.
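Since the only control NFS offers here is the client list and the option set in the export table, a quick audit of that table is the practical check. The following script is an added example, not part of the Etherboot manual: it parses the Linux nfs-utils `/etc/exports` syntax (`<path> <client>(<options>) ...`) and reports entries that are exported to wildcard clients, writable, or without `root_squash`. The export table contents are constructed for illustration.

```python
"""Audit an /etc/exports table for entries whose safety rests only on
client identity.  Added example, not from the Etherboot manual; the
sample table below is constructed."""

# Constructed sample /etc/exports (nfs-utils syntax):
#   <path> <client>(<options>) [<client>(<options>) ...]
SAMPLE_EXPORTS = """\
# diskless clients
/tftpboot/10.0.0.7      10.0.0.7(rw,no_root_squash)
/home                   *(rw)
/usr                    10.0.0.0/24(ro,root_squash)
/opt/tools              *.example.net(ro,sync)
"""


def parse_exports(text):
    """Yield (path, client, set(options)) for every export entry."""
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        path, clients = fields[0], fields[1:]
        if not clients:
            # a path with no client list is exported to everyone
            yield path, '*', set()
            continue
        for spec in clients:
            # "host(opt,opt)" -> host and option set; "(opt)" alone means any host
            client, _, rest = spec.partition('(')
            opts = {o.strip() for o in rest.rstrip(')').split(',') if o.strip()}
            yield path, client or '*', opts


def audit_exports(text):
    """Return [(path, client, [findings])] for entries that deserve review."""
    findings = []
    for path, client, opts in parse_exports(text):
        issues = []
        if client.startswith('*'):
            issues.append('wildcard client: access decided only by source address or name')
        if 'rw' in opts:
            issues.append('writable export')
        if 'no_root_squash' in opts:
            issues.append('remote root is root on this export')
        if issues:
            findings.append((path, client, issues))
    return findings


if __name__ == '__main__':
    for path, client, issues in audit_exports(SAMPLE_EXPORTS):
        print(f'{path} -> {client}')
        for issue in issues:
            print(f'    {issue}')
```

Run against the real file with `audit_exports(open('/etc/exports').read())`. Read-only exports restricted to a single address with `root_squash` (the `/usr` line above) are the least exposed shape; everything else on the list should be treated, as the text says, as readable and writable by anyone who can forge packets from an allowed address.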
C.10. TELNET/RLOGIN
Telnet and rlogin do not usually come with any effective protection other than simple password schemes.
Data and even the password are transmitted as plain text. There are commonly available programs that
constantly monitor the network for packets that contain passwords. Fortunately, the security of these
protocols can be vastly improved by replacing them with the Secure Shell protocol
(http://www.cs.hut.fi/ssh). Preferably, all telnet and rlogin servers and clients should be removed from all
machines.
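On systems of this vintage the telnet and rlogin servers are started by inetd, so the first step in removing them is to find which ones `/etc/inetd.conf` still enables. The script below is an added example, not part of the Etherboot manual: it parses the classic inetd.conf format (`service socket proto flags user server args`), lists the enabled cleartext login services (telnet, rlogin, rsh, rexec), and produces a copy of the file with those lines commented out. The configuration excerpt is constructed.

```python
"""Find and disable cleartext login services in an inetd.conf.
Added example, not from the Etherboot manual; the config is constructed."""

# Constructed /etc/inetd.conf excerpt:
#   <service> <socket> <proto> <flags> <user> <server_path> <args>
SAMPLE_INETD_CONF = """\
#<service> <socket> <proto> <flags> <user> <server_path> <args>
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
login   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rlogind
exec    stream  tcp  nowait  root  /usr/sbin/tcpd  in.rexecd
tftp    dgram   udp  wait    root  /usr/sbin/tcpd  in.tftpd /tftpboot
"""

# inetd service name -> why it should go (passwords or trust in the clear)
CLEARTEXT_LOGIN_SERVICES = {
    'telnet': 'password and whole session in plain text; replace with ssh',
    'login':  'rlogin: plain text plus host-based trust; replace with ssh',
    'shell':  'rsh: plain text plus host-based trust; replace with ssh',
    'exec':   'rexec: password in plain text; replace with ssh',
}


def parse_inetd_conf(text):
    """Yield one dict per enabled (uncommented) inetd entry."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        fields = line.split()
        if len(fields) < 6:          # malformed line, skip it
            continue
        yield {'service': fields[0], 'socket': fields[1], 'proto': fields[2],
               'user': fields[4], 'server': fields[5], 'args': fields[6:]}


def find_cleartext_logins(text):
    """Return [(service, user, reason)] for enabled cleartext login services."""
    hits = []
    for entry in parse_inetd_conf(text):
        reason = CLEARTEXT_LOGIN_SERVICES.get(entry['service'])
        if reason:
            hits.append((entry['service'], entry['user'], reason))
    return hits


def disable_services(text, names):
    """Return the config with the named services commented out.
    inetd picks the change up after a SIGHUP."""
    out = []
    for raw in text.splitlines():
        fields = raw.split()
        enabled = fields and not raw.lstrip().startswith('#')
        out.append('#' + raw if enabled and fields[0] in names else raw)
    return '\n'.join(out) + '\n'


if __name__ == '__main__':
    for service, user, reason in find_cleartext_logins(SAMPLE_INETD_CONF):
        print(f'{service:8s} (runs as {user}): {reason}')
    hardened = disable_services(SAMPLE_INETD_CONF, CLEARTEXT_LOGIN_SERVICES)
    print(hardened)
```

Only the services named in the text are flagged; the commented-out `shell` line is correctly ignored, and after `disable_services` the audit returns nothing. Removing the client binaries as well, as the text recommends, keeps users from typing passwords into a telnet session to some other host.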
C.11. THE X WINDOW SYSTEM
X provides some security when run over a network, but its scope is limited and exploits can easily
be devised. At the very least, you should make sure that the xauth mechanism is used as opposed to the
vastly inferior xhost mechanism. A better solution is to route all X connections through a secure
shell session. This not only provides more reliable authentication, but also encrypts all data.
C.12. CONCLUSION
While this text cannot do more than barely scratch the surface, it should help you in locating some of the
more vulnerable sub-systems of your networks and your computers. It does not aim for completeness,
but if you think that there is a topic which should be mentioned, or if you want to update an entry, then
please contact me.
D. VendorTag extensions, 28 April 2001
Markus Gutschke, gutschk AT math PERIOD uni-muenster PERIOD de with changes by Ken Yap,
ken_yap AT users PERIOD sourceforge PERIOD net
This documentation has been written and is copyrighted 1996,97 by Markus Gutschke <gutschk AT math
PERIOD uni-muenster PERIOD de>. You are free to distribute this file as long as you do not change its
contents. I appreciate comments and will consider them in future revisions. If you have any questions,
comments, or suggestions, please also send carbon copies of your e-mail message to both Ken Yap