Date: Sun, 02 Apr 2006 16:58:09 -0400 From: Chuck Swiger <cswiger@mac.com> To: nospam@mgedv.net Cc: freebsd-questions@freebsd.org Subject: Re: hunting for secure fileserver-connection! Message-ID: <44303AE1.4040404@mac.com> In-Reply-To: <000e01c65685$1193dd20$0a86a8c0@avalon.lan> References: <000e01c65685$1193dd20$0a86a8c0@avalon.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
No@SPAM@mgEDV.net wrote: > the scenario: > - freebsd-fileserver with encrypted HDD's (GELI) (1.5TB) > - windows (sorry for that, it's a requirement) as client > > the quest: > - securely mount shared filesystems from the server from > the windows client w/o being open to sniffers/network > hacks (non-weak encryption required) > - files should be accessible like with windows-fileserver > shares through UNC and/or drive-name(s) > - server and clients should share the same network. (no > tunnelling etc...) > - authentication should be done against local defined users > > what we don't want: > - VPN/IPSEC/... between the hosts > - webdav > > we've been looking on solutions like secure nfs over tcp, > samba, etc... but except making it slower, there have been > no real good solutions until yet. > > anybody out there, who has a good advice on that? If you don't trust CIFS/Samba enough to be secure against local sniffers, and you won't run IPsec, you're left with odd things like Sun's SecureNFS software, only I doubt that's available for a FreeBSD fileserver. If you've got 1.5TB of storage, perhaps you should talk to Auspex or NetApp and see what the NAS folk have to offer... -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44303AE1.4040404>