<div>
NFS was not very secure in version 2 and 3. &nbsp;This is why it got a bad name.<br />
<br />
NFSv4 has lots of security features, but they are not enabled by default:<br />
<br />
- kerberos authentication allows for secure authentication and integration with AD<br />
- nfsv4 traffic can optionally be encrypted<br />
- nfs shares can be exported to a limited set of hosts <br />
- nfsv4 allows ACLs.<br />
<br />
NFSv4 can be a bit of a challenge to set up, but when done correctly it can be very secure. &nbsp;However it is still recommended not to expose it directly to the internet but over a VPN if needed for remote sites.
</div>


<div>
Thanks.<br />
<br />
&gt;kerberos authentication allows for secure authentication and integration with AD<br />
In our case, we're on Solaris, so it won't be AD integration: will it still use Kerberos authentication?
</div>


<div>
And with NFSv4, can we enable encryption for data in motion &amp;&nbsp;data at rest??
</div>


<div>
Can &nbsp;&quot;Data in Motion&quot; ie when copying to/from &nbsp;NFSv4 be encrypted?
</div>


<div>
<div class="content wysiwyg-content">
In one apps project, they requested to use NFS (Netw File Share) &nbsp;on Solaris:<br />
My concern is<br />
a) unlike Windows which can have Windows firewall to restrict who can access the NFS share <br />
&nbsp; &nbsp; (ie endpoint firewall), Solaris are not known to have its own endpoint firewall<br />
b) NFS traffic are not encrypted, correct?<br />
c) NFS authentication is weak? &nbsp;: Pls elaborate in what way?<br />
<br />
What are the mitigations we can put in place if the apps team still wants it?
</div>
</div>


In one apps project, they requested to use NFS (Netw File Share)  on Solaris:
My concern is
a) unlike Windows which can have Windows firewall to restrict who can access the NFS share 
    (ie endpoint firewall), Solaris are not known to have its own endpoint firewall
b) NFS traffic are not encrypted, correct?
c) NFS authentication is weak?  : Pls elaborate in what way?

What are the mitigations we can put in place if the apps team still wants it?

Weaknesses &amp; mitigations for using NFS on Solaris

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

OS Security

vulnerability

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Weaknesses &amp; mitigations for using NFS on Solaris

Weaknesses & mitigations for using NFS on Solaris