Linux Nfs Paper

Linux NFS Paper

Today I will be talking about NFS, or Network File system, and it used widely to share files across multiple servers and computers. Let me just clarify how the NFS system will work, a file will be taken from the directory, or NFS file system, the file will then be exported to the NFS client, then you would need to mount the file to the client, to make sure it was accessible throughout the entire system. With the system mount you can also see the IP addresses accessing the system, which isn’t that secure, seeing how anyone could simply scam their way into your system, which you really want to protect against.

Today we want to learn how to properly secure that you have to cover the 3 main resources, or places to secure. The Portmapper, the server security, and the client security are the 3 things you must secure. The Portmapper is basically the root to the NFS, you want to make sure the ports are being used correctly, and are giving access to the right people, and is connected to an outside trusted network.

You can simply use the etc/hosts command to check the ports, but you can also use that to allow and deny ports to anybody across the network. That’s a bit drastic, but can lead to a secure NFS especially if you notice any fishy IP addresses or activities across the network.

With the server security, this is where it becomes more of a necessity to keep it secure, because without system security, the whole thing is going to go down the drain. It would be like leaving a Porsche with the door open, keys in the ignition in front of 3 rowdy teenagers, it’s just not going to be pretty. This and client security go together hand in hand, because without one, you don’t have the other. For server security you can use the root_squash in the etc/hosts command. With the root squash you can basically secure the ports used by the root. Which are frequently 1-1024 or the secure ports. With that you can keep any harmful users from getting access to those...