Managing NFS and NIS, 2nd Edition - Mike Eisler [157]
Even though your message and MAC are sent in the clear to the server, an attacker in the middle cannot change the message without the server knowing it because this would change the result of the MAC computation on the server. The attacker can't change the MAC to match a tampered message because he doesn't know the secret key that only the server and you know. An example of a one-way hash function is MD5. An example of a MAC algorithm is HMAC-MD5.
Note that when you add a MAC to a message you are enabling the security service of integrity.
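As an added illustration (not code from the book), the following Python snippet walks through the MAC scenario above with HMAC-MD5 from the standard library: the message and its MAC travel in the clear, the server recomputes the MAC with the shared secret, and both a tampered message and a MAC forged under a guessed key are rejected. The secret key, the message text and the attacker's guessed key are constructed sample values.

```python
import hashlib
import hmac

# Shared secret known only to the client and the server (constructed value).
SECRET_KEY = b"constructed-shared-secret"


def mac_for(message: bytes, key: bytes = SECRET_KEY) -> bytes:
    """HMAC-MD5 over the message, the MAC algorithm named in the text."""
    return hmac.new(key, message, hashlib.md5).digest()


def send(message: bytes) -> tuple[bytes, bytes]:
    """Client side: the message and its MAC are both sent unencrypted."""
    return message, mac_for(message)


def verify(message: bytes, mac: bytes, key: bytes = SECRET_KEY) -> bool:
    """Server side: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(mac_for(message, key), mac)


def tamper_demo() -> tuple[bool, bool, bool]:
    """Return (genuine_ok, tampered_ok, forged_ok) for the three cases."""
    msg, mac = send(b"WRITE /export/home/gonzo/notes offset=0 data=hello")

    # 1. The untouched message verifies on the server.
    genuine_ok = verify(msg, mac)

    # 2. A man in the middle alters the message but must reuse the old MAC.
    tampered = msg.replace(b"hello", b"HELLO")
    tampered_ok = verify(tampered, mac)

    # 3. The attacker recomputes a MAC, but only under a guessed key.
    forged_mac = mac_for(tampered, b"attacker-guess")
    forged_ok = verify(tampered, forged_mac)

    return genuine_ok, tampered_ok, forged_ok


if __name__ == "__main__":
    print(tamper_demo())  # (True, False, False)
```

Note that the MAC gives integrity only: anyone on the wire can still read the message, which is why the text keeps integrity and privacy as separate services.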
NFS and IPSec
IPSec is the standard protocol for security at the IP network level. With IPSec you can beef up your trusted host relationships with strong cryptography. IPSec was invented by the Internet Engineering Task Force (IETF) to deal with three issues:
Attackers are becoming quite adept at spoofing IP addresses. The attacker targets a host to victimize. The victim shares some resources (such as NFS exports) to only a specific set of clients and uses the source IP address of the client to check access rights. The attacker selects the IP address of one of these clients to masquerade as. Sometimes the attacker is lucky, and the client is down, so this is not too difficult. Or the attacker has to take some steps such as disabling a router or loading the targeted client. If the attacker fails, you might see messages like:
IP: Hardware address '%s' trying to be our address %s!
or:
IP: Proxy ARP problem? Hardware address '%s' thinks it is %s
on the legitimate client's console.
Once the legitimate client is disabled, the attacker then changes the IP address on a machine that he controls to that of the legitimate client and can then access the victim.
An attacker that controls a gateway can easily engineer attacks where he tampers with the IP packets.
Finally, if the Internet is to be a tool enabling more collaboration between organizations, then there needs to be a way to add privacy protections to sensitive traffic.
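The two console messages quoted above are the one visible trace a failed spoofing attempt leaves on the legitimate client. As an added example (not from the book), the Python below scans syslog-style lines for those two messages and groups the foreign hardware addresses that claimed each IP address, which is the kind of check you would hang off a log collector. The log lines, hostnames, hardware addresses and IP addresses are constructed sample data; the message shapes come from the text.

```python
import re
from collections import defaultdict

# Constructed sample console/syslog lines; addresses are invented.
SAMPLE_LOG = """\
Mar  3 10:14:02 gonzo unix: IP: Hardware address '8:0:20:a1:b2:c3' trying to be our address 10.1.2.3!
Mar  3 10:14:05 gonzo unix: NFS server bitbucket ok
Mar  3 10:14:09 gonzo unix: IP: Proxy ARP problem? Hardware address '8:0:20:a1:b2:c3' thinks it is 10.1.2.3
"""

# Regular expressions for the two messages quoted in the text.
PATTERNS = [
    ("address-conflict", re.compile(
        r"IP: Hardware address '(?P<hw>[0-9a-fA-F:]+)' "
        r"trying to be our address (?P<ip>[\d.]+)!")),
    ("proxy-arp", re.compile(
        r"IP: Proxy ARP problem\? Hardware address '(?P<hw>[0-9a-fA-F:]+)' "
        r"thinks it is (?P<ip>[\d.]+)")),
]


def find_conflicts(log_text: str) -> list[dict]:
    """Return one event per matching line: kind, reporting host, hw, ip."""
    events = []
    for line in log_text.splitlines():
        for kind, pattern in PATTERNS:
            match = pattern.search(line)
            if match:
                # Field 3 of a syslog line is the reporting hostname.
                host = line.split()[3]
                events.append({"kind": kind, "host": host,
                               "hw": match["hw"], "ip": match["ip"]})
                break
    return events


def claims_by_ip(events: list[dict]) -> dict[str, set[str]]:
    """Map each contested IP address to the hardware addresses claiming it."""
    claims: dict[str, set[str]] = defaultdict(set)
    for event in events:
        claims[event["ip"]].add(event["hw"])
    return dict(claims)


if __name__ == "__main__":
    found = find_conflicts(SAMPLE_LOG)
    for event in found:
        print(f"{event['host']}: {event['kind']} {event['hw']} -> {event['ip']}")
    print(claims_by_ip(found))
```

A single message may be a misconfigured host; repeated reports naming the same IP address as one of the clients on your rw=, ro= or root= lists are worth correlating with the NFS server's access logs.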
Here is what IPSec can do:
Via per-host keys, allows hosts to authenticate each other. This frustrates IP spoofing attacks.
Using a session key derived from per-host keys as input to a MAC, protects the integrity of IP traffic to frustrate packet tampering.
Using a session key, encrypts all the data in the IP packet to frustrate eavesdropping.
The first two capabilities are provided by the AH (Authentication Header) feature of IPSec. All three capabilities are provided by the ESP (Encapsulating Security Payload) feature of IPSec.
Many systems, including Solaris 8, have IPSec support. We won't go into the details of how to set up IPSec. However, we will point out that IPSec can be a useful tool to improve the security of your NFS environment:
If you use the AH feature, then all NIS lookups are safe from tampering with either the NIS server or the NIS traffic. So the attacker cannot fool your NFS server into believing that client gonzo has IP address 192.4.5.6, instead of 10.1.2.3.
Enabling AH on NFS clients and servers prevents attackers from spoofing the clients you list on servers' rw=, ro=, and root= lists.
ESP used on the NFS client and server makes operating through firewalls safer when accessing sensitive data.
While IPSec is useful for securing NFS, because its security is host based, it does not protect your network from attackers that log onto your IPSec-protected hosts and assume the identity of other users. The discussions of AUTH_DH and RPCSEC_GSS that follow address this issue.
AUTH_DH: Diffie-Hellman authentication
AUTH_DH is an RPC security flavor that uses encryption techniques to improve on AUTH_SYS.
Old terms: AUTH_DES, secure RPC, and secure NFS
AUTH_DH was originally called AUTH_DES, and indeed, you'll find that most documentation of AUTH_DH still calls it AUTH_DES. However, the _DES part of the name is a misnomer. While the DES algorithm is used in AUTH_DH, as we will see later, it is the Diffie-Hellman algorithm that is central to the workings of the