Explain why the RPC interface to early implementations of NFS is potentially insecure. The
security loophole has been closed in NFS 3 by the use of encryption. How is the encryption key
kept secret? Is the security of the key adequate?
What will be an ideal response?
The user id for the client process was passed in the RPCs to the server in unencrypted form. Any program could
simulate the NFS client module and transmit RPC calls to an NFS server with the user id of any user, thus
gaining unauthorized access to their files. DES encryption is used in NFS version 3. The encryption key is
established at mount time. The mount protocol is therefore a potential target for a security attack. Any
workstation could simulate the mount protocol, and once a target filesystem has been mounted, could
impersonate any user using the encryption agreed at mount time..
You might also like to view...
Complete the following statement to declare an integer variable named Money: Declare __________ __________ __________.
Fill in the blank(s) with correct word
Create a World object and a Turtle object and use the Turtle object to draw an arrow.
What will be an ideal response?
Which of the following top-level domains is designed for unrestricted use?
A. gov B. edu C. int D. net
____________________ is software that a user unknowingly downloads from the Internet; and when this software is executed on the user's machine, it begins spying on the user.
Fill in the blank(s) with the appropriate word(s).