The systems and database administrator for a Fortune 500 company notes that while NFS is “decades old and predating Linux…the most obvious feature missing from NFSv4 is native, standalone encryption.” emil (Slashdot reader #695) summarizes this article from Linux Journal:
NFS is the most popular remote file system in the Linux, UNIX, and greater POSIX community. The NFS protocol pushes file traffic over cleartext connections in the default configuration, which is poison to sensitive information.
TLS can wrap this traffic, finally bringing wire security to files vulnerable to compromise in transit. Before using a cloud provider’s toolset, review NFS usage and encrypt where necessary.
The article’s author complains that Google Cloud “makes no mention of data security in its documented procedures,” though “the performance penalty for tunneling NFS over stunnel is surprisingly small….”
“While the crusade against telnet may have been largely won, Linux and the greater UNIX community still have areas of willful blindness. NFS should have been secured long ago, and it is objectionable that a workaround with stunnel is even necessary.”
of this story at Slashdot.
Source:: Slashdot