SecurityFocus.com: NFS and NIS Security

Jan 28, 2001, 14:22
"Why is it that when you read almost any book or paper about Solaris security it will explicitly say: turn off the NFS and NIS services. Some system administrators, though, cannot just turn off these services, as they are already key services implemented across their enterprises. Security issues seem to be inherent in their structure; however, there are methods and precautions that can be taken to make them more secure than their plain-vanilla implementations."

"Based on the RPC (remote procedure call) protocol, network filesystem was originally created by Sun Microsystems in the 1980's to share files on disparate Unix systems. NFS is a client/server implementation that makes remote disks transparently available on a local client. It utilizes several daemons and configuration files to enable file sharing. By default, this process is all undertaken without any separate authentication, which makes NFS a security risk...."

"How does it work? NFS runs on the UDP protocol, which is a connectionless protocol because it does not require any acknowledgement of packet delivery. NFS tries to make up for this by forcing an acknowledgement of every command it sends. If the acknowledgement occurs, it continues sending data. If not received in a certain amount of time, then the data is retransmitted."

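The acknowledge-or-retransmit behaviour described in the last quoted paragraph, as an added example that is not from the SecurityFocus article or from any NFS implementation. The function names, the 4-byte request id, the doubling timeout and the lossy loopback server are all assumptions made for illustration.

```python
import socket
import struct
import threading

def lossy_server(sock, drop_first):
    # Constructed stand-in for a server: ignores the first `drop_first`
    # requests (simulated packet loss), then acknowledges by echoing the id.
    seen = 0
    while True:
        data, addr = sock.recvfrom(2048)
        if data == b"stop":
            return
        seen += 1
        if seen > drop_first:
            sock.sendto(data[:4] + b"ACK", addr)

def call_with_retransmit(addr, xid, payload, timeout=0.05, max_tries=4):
    # Send one command; resend it whenever no matching acknowledgement
    # arrives in time. Returns how many transmissions were needed.
    # The acknowledgement only confirms delivery: nothing here
    # authenticates the client or the server.
    msg = struct.pack("!I", xid) + payload
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for attempt in range(1, max_tries + 1):
            s.settimeout(timeout * 2 ** (attempt - 1))  # back off each retry
            s.sendto(msg, addr)
            try:
                while True:
                    reply, _ = s.recvfrom(2048)
                    if reply[:4] == msg[:4]:  # ack for this request only
                        return attempt
            except socket.timeout:
                continue
    raise TimeoutError("no acknowledgement after %d tries" % max_tries)

def demo(drop_first, max_tries=4):
    # Run one call against a loopback server that loses `drop_first` datagrams.
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    t = threading.Thread(target=lossy_server, args=(srv, drop_first))
    t.start()
    try:
        return call_with_retransmit(srv.getsockname(), 7, b"READ", max_tries=max_tries)
    finally:
        srv.sendto(b"stop", srv.getsockname())
        t.join()
        srv.close()

if __name__ == "__main__":
    print(demo(2))
```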
