“Why is it that when you read almost any book or paper about
Solaris security it will explicitly say: turn off the NFS and NIS
services. Some system administrators, though, cannot just turn off
these services, as they are already key services implemented across
their enterprises. Security issues seem to be inherent in their
structure; however, there are methods and precautions that can be
taken to make them more secure than their plain-vanilla
implementations.”
“Based on the RPC (remote procedure call) protocol, the Network
File System was originally created by Sun Microsystems in the 1980s
to share files on disparate Unix systems. NFS is a client/server
implementation that makes remote disks transparently available on a
local client. It utilizes several daemons and configuration files
to enable file sharing. By default, this process is all undertaken
without any separate authentication, which makes NFS a security
risk….”
“How does it work? NFS runs on the UDP protocol, which is a
connectionless protocol because it does not require any
acknowledgement of packet delivery. NFS tries to make up for this
by forcing an acknowledgement of every command it sends. If the
acknowledgement occurs, it continues sending data. If not received
in a certain amount of time, then the data is retransmitted.”
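The timer-and-retransmit behaviour described in that last paragraph, modelled as an added Python example that is not from the quoted paper: an in-memory lossy channel stands in for UDP, the client resends the identical datagram whenever no acknowledgement with a matching transaction id (xid) comes back, and the server side keeps a duplicate-request cache (an assumption of this model; real NFS servers maintain one) so that a retransmitted request is not executed a second time.

```python
import struct
from dataclasses import dataclass, field

HDR = "!I4s"  # transaction id (xid) + 4-byte opcode, network byte order

@dataclass
class LossyChannel:
    """Constructed stand-in for UDP: drops the first N requests / M replies."""
    drop_requests: int = 0
    drop_replies: int = 0
    requests: list = field(default_factory=list)
    replies: list = field(default_factory=list)

    def send_request(self, datagram):
        self.requests.append(datagram)
        return datagram if len(self.requests) > self.drop_requests else None

    def send_reply(self, datagram):
        self.replies.append(datagram)
        return datagram if len(self.replies) > self.drop_replies else None

class Server:
    """Runs each xid once; the duplicate-request cache answers retransmits."""
    def __init__(self):
        self.executed = []  # operations actually carried out
        self.cache = {}     # xid -> reply already sent

    def handle(self, datagram):
        xid, op = struct.unpack(HDR, datagram)
        if xid not in self.cache:        # first sight of this xid: execute it
            self.executed.append(op)
            self.cache[xid] = struct.pack(HDR, xid, b"ACK_")
        return self.cache[xid]           # retransmit: replay the stored reply

def call(channel, server, xid, op, max_tries=3):
    """Send op, wait for an ack with the same xid, resend on timeout.
    Returns (ack payload, attempts used) or raises TimeoutError."""
    datagram = struct.pack(HDR, xid, op)
    for attempt in range(1, max_tries + 1):
        if channel.send_request(datagram) is None:
            continue                     # request lost: timer expires, resend
        reply = channel.send_reply(server.handle(datagram))
        if reply is None:
            continue                     # ack lost: the same datagram is resent
        rxid, payload = struct.unpack(HDR, reply)
        if rxid == xid:                  # ignore replies to other requests
            return payload, attempt
    raise TimeoutError(f"xid {xid:#x}: no acknowledgement after {max_tries} tries")
```

The lost-reply case is the one worth watching: without the cache, a non-idempotent operation such as a remove would be carried out twice when its acknowledgement never reached the client.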