[ic] hardware for Interchange

Doug Alcorn interchange-users@lists.akopia.com
Mon Jul 9 21:18:00 2001


Jockey <jim@idk-enterprises.com> writes:

> I am doing back-ups of all of my store stuff via NFS to another box
> at midnight every night.
> 
> The upside is that this is going on to 2 totally different
> computers.  If one fails, I can quickly throw the other one on line
> with very little loss.
> The downside is that both computers are about 10 feet apart. A
> fire/bomb/vandalism would take them both out.

The other downside is that nfs just isn't secure.  Unless you are
tunneling nfs through an ssh session, your data is exposed.  Unless
you are running nfs on a private lan, your data is probably exposed.
Unless you are running both boxes behind the same firewall that blocks
portmapper and other nfs ports, your data is probably exposed.  nfs
was pretty cool for its time, but in the world as we know it today
it's just not secure.

nfs still works pretty well in special circumstances.  Namely, the nfs
server is never addressable from outside the firewall (meaning no one
on the internet can even see it) and the nfs traffic goes over a
private lan (meaning that no interfaces on the lan route traffic over
to an internet public interface).

Surprisingly enough (assuming both boxes are linux boxes), the secure
alternative is samba with smbfs.  It is pretty easy to tunnel over
ssl/ssh and doesn't leave unnecessary ports open for attack.
-- 
 (__) Doug Alcorn (mailto:doug@lathi.net http://www.lathi.net)
 oo / PGP 02B3 1E26 BCF2 9AAF 93F1  61D7 450C B264 3E63 D543
 |_/  If you're a capitalist and you have the best goods and they're
      free, you don't have to proselytize, you just have to wait.
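
A check for the exposure conditions listed in the message above, as an added example that is not part of the original post: it parses `ss -tuln` output and reports portmapper and NFS sockets bound to a wildcard or non-private address. The sample output, the function names and the reading of "private lan" as RFC 1918, loopback or IPv6 ULA are assumptions.

```python
import ipaddress

# Ports named in the message: portmapper (111) and NFS itself (2049).
# mountd/statd often use dynamic ports and are not covered here.
NFS_PORTS = {111: "portmapper", 2049: "nfs"}

# "Private lan" is taken to mean RFC 1918, loopback or IPv6 ULA (assumption).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "::1/128", "fc00::/7")]

# Constructed sample of `ss -tuln` output, not taken from a real host.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      64     0.0.0.0:2049       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:111        0.0.0.0:*
udp   UNCONN 0      0      192.168.10.5:111   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      64     [::]:2049          [::]:*
tcp   LISTEN 0      64     203.0.113.7:2049   0.0.0.0:*
tcp   LISTEN 0      64     10.0.0.5:2049      0.0.0.0:*
"""

def split_addr(local):
    """Split 'addr:port', '[v6]:port' or 'addr%iface:port' into (addr, port)."""
    addr, _, port = local.rpartition(":")
    return addr.strip("[]").split("%")[0], port

def exposed_nfs_listeners(ss_output):
    """Return (proto, service, address) for each portmapper/NFS socket bound
    to a wildcard address or to an address outside PRIVATE_NETS."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, port = split_addr(fields[4])
        # The header row and unrelated services fall out here.
        if not port.isdigit() or int(port) not in NFS_PORTS:
            continue
        ip = ipaddress.ip_address("0.0.0.0" if addr == "*" else addr)
        # A wildcard bind listens on every interface, public ones included.
        if ip.is_unspecified or not any(ip in net for net in PRIVATE_NETS):
            findings.append((fields[0], NFS_PORTS[int(port)], str(ip)))
    return findings

if __name__ == "__main__":
    for proto, service, addr in exposed_nfs_listeners(SAMPLE_SS):
        print(f"{proto} {service} bound to {addr}: check firewall and routing")
```

A flagged wildcard bind is only as safe as the firewall in front of it, so each finding still needs the firewall rules for ports 111 and 2049 checked separately.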