
Discuss security issues in Network File system.

71. Discuss security issues in Network File system.
Ans.
1. NFS protocol versions 3 and older have security problems that make them unsuitable for use across the Internet and potentially unsafe for use even on a trusted network.

2. One NFS weakness, in general terms, is the /etc/exports file: if a cracker is able to spoof or take over a trusted address (an address listed in /etc/exports), then your exported NFS mounts are accessible.

3. Once a client has mounted an NFS export, the normal Linux file system access controls take over: user and group permissions on the files control access.

4. The first line of defense is to use host access control to limit access to services, particularly the portmapper, which has long been a target of exploit attempts.

5. For this, add entries in /etc/hosts.deny for lockd, statd, mountd and rquotad.

6. Careful use of an IP packet firewall, using netfilter, dramatically increases NFS server security.

7. Netfilter is stronger than NFS daemon level security or even TCP wrappers because it restricts access to your server at the packet level.

8. mountd, lockd, statd and rquotad do not bind to any specific port, i.e. they use a port number randomly assigned by the portmapper.
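The host access control in points 4 and 5 can be checked mechanically. The following is an added example, not part of the original post: it parses hosts.deny and hosts.allow content and reports which NFS-related daemons lack a default-deny entry or are opened to every client. The function names and sample files are constructed for illustration, and "portmap" is assumed to be the TCP wrappers name of the portmapper.

```python
import re

# TCP wrappers daemon names; "portmap" is the portmapper (assumed name).
NFS_DAEMONS = ("portmap", "lockd", "statd", "mountd", "rquotad")

def parse_rules(text):
    """Yield (daemon_tokens, client_tokens); assumes no ':' in client patterns."""
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]
        yield ([t for t in re.split(r"[,\s]+", daemons) if t],
               [t for t in re.split(r"[,\s]+", clients) if t])

def selects(daemon, tokens):
    """True if a daemon list selects `daemon`, honouring ALL and EXCEPT."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return selects(daemon, tokens[:i]) and not selects(daemon, tokens[i + 1:])
    return "ALL" in tokens or daemon in tokens

def not_denied_by_default(deny_text):
    """NFS daemons with no hosts.deny rule whose client list starts with ALL."""
    rules = [d for d, c in parse_rules(deny_text) if c[:1] == ["ALL"]]
    return [n for n in NFS_DAEMONS if not any(selects(n, d) for d in rules)]

def allowed_to_everyone(allow_text):
    """NFS daemons that hosts.allow opens to ALL clients; hosts.allow is
    consulted first, so such a rule overrides the hosts.deny entry."""
    rules = [d for d, c in parse_rules(allow_text) if c[:1] == ["ALL"]]
    return [n for n in NFS_DAEMONS if any(selects(n, d) for d in rules)]

# Constructed sample files, not taken from a real host.
SAMPLE_DENY = """\
# /etc/hosts.deny
portmap: ALL
lockd, statd: ALL
mountd: 10.0.0.0/255.0.0.0
"""
SAMPLE_ALLOW = """\
# /etc/hosts.allow
portmap, lockd, statd, mountd, rquotad: 192.168.1.0/255.255.255.0
statd: ALL
"""

if __name__ == "__main__":
    print("no default deny:", not_denied_by_default(SAMPLE_DENY))
    print("open to all    :", allowed_to_everyone(SAMPLE_ALLOW))
```

On the sample files, mountd and rquotad are reported as missing a default deny, and statd as open to all clients.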
