Explain why the RPC interface to early implementations of NFS is potentially insecure. The
security loophole has been closed in NFS 3 by the use of encryption. How is the encryption key
kept secret? Is the security of the key adequate?
What will be an ideal response?
The user id for the client process was passed in the RPCs to the server in unencrypted form. Any program could
simulate the NFS client module and transmit RPC calls to an NFS server with the user id of any user, thus
gaining unauthorized access to their files. DES encryption is used in NFS version 3. The encryption key is
established at mount time. The mount protocol is therefore a potential target for a security attack. Any
workstation could simulate the mount protocol, and once a target filesystem has been mounted, could
impersonate any user using the encryption agreed at mount time..
You might also like to view...
When a slide is selected in Slide Sorter view, a(n) ________ surrounds the slide, indicating it is selected
A) dotted line B) dashed line C) outline D) circle
The best performance objectives for a training session specify how well a trainee needs to be able to perform a task, such as speed or accuracy.
Answer the following statement true (T) or false (F)