Date: Mon, 12 Apr 2004 18:05:35 -0400 From: Chuck Swiger <cswiger@mac.com> To: Bart Silverstrim <bsilver@chrononomicon.com> Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: OS X and FreeBSD: What could be a good setup Message-ID: <407B12AF.4050101@mac.com> In-Reply-To: <B64FECE4-8CC2-11D8-8582-000A956D2452@chrononomicon.com> References: <E6F31F15-8954-11D8-A222-000A956D2452@chrononomicon.com> <407AEA88.90401@mac.com> <B64FECE4-8CC2-11D8-8582-000A956D2452@chrononomicon.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Bart Silverstrim wrote: [ ... ] >> Oh, yes: unless you use an encrypted tunnelling protocol like a VPN or >> an SSH tunnel, pretty much all filesharing protocols are vulnerable to >> subnet-local sniffing. Using strong encryption when using wireless is >> a fine idea. :-) > > VPN would be a little strong to use for client->wap, though, wouldn't > it? I have used VPN's for WAP<->WAP bridges, but not for a notebook > computer to a WAP. It depends on how much you care about your security, and whether you trust WEP to be secure enough to fool anyone who might listen to your wireless network. > What I HAVE used is SSH, to create a redirected series of ports. That's > reasonably simple to open on a notebook. BUT I don't know how (or even > *if*) it could be used to redirect CIFS connections. You can run a PPP session over an SSH port tunnel to get a VPN without much more effort. > How come NFS got such heavy flak for insecurity when CIFS also transfers > in clear text over the wire? Who knows? I guess maybe people don't expect much security from a so-called "Windows protocol" to begin with. :-) Note that you actually can configure NFS to use security, although I've never seen SecureRPC/SecureNFS actually deployed anywhere so perhaps it's a moot point. Someone sufficiently versed in the ways of CIFS can probably make that protocol more secure, too, although it's unclear how much good that does if all an intruder needs to do is pretend to be a Win98 system (and have fallback for backwards compatibility zap security). -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?407B12AF.4050101>