T-110.5201 Laboratory Works on Information Security (5 cr)
Lab 2: Network Filesystems
Description of Exercise
In this exercise you will setup various network filesystems. You have to compare network filesystems shortly using internet (orbook) sources and your own experiments.
Please use NFSv3 for this exercise. Doing the demo with NFSv4 is also acceptable, as long as you can answer the questions.
Material
- Samba
- NFS: f.e. sourceforge or wikipedia
- sshfs (and FUSE)
1. Preparation
Add static addresses to both Lab 1's and Lab 2's eth1 interfaces. Add aliases (lab1 and lab2) for the addresses to /etc/hosts (see "man hosts").
Create two new users (e.g. "testuser1" and "testuser2") with adduser to both the computers. Ensure that users have same UID on both computers (eg. testuser1 UIDis 1001 on lab1 and lab2, testuser2 is 1002). The easiest way is to create both users on same order to both computers.
2. Configuring and testing nfs
NFS is an acronym for "network filesystem". NFS is implemented for nearly all unix variations and even for windows.
Export /home via /etc/exports. Restart the NFS server daemon. Mount lab1:/home to lab2:/mnt. You can change user with su, e.g. "su testuser1". Test that NFS works by writing a file in lab1:/home/testuser1/test.txt and open the same file at lab2:/mnt/testuser1/test.txt.
| 2.1 | Demonstrate a working configuration. | 1 p |
| 2.2 | What are the problems with NFSv3 'default' installations and firewalls? | 1 p |
| 2.3 | What are the security problems with NFSv3 so-called authentication? Are there any alternatives for securing NFSv3? | 2 p |
| 2.4 | Is it possible to encrypt all NFS traffic? How? | 1 p |
| 2.5 | What happens if testuser1 UID is 1001 in lab1, 1002 in lab2 and testuser2 is 1002 in lab1, 1001 in lab2? Verify from the documentation and demonstrate. |
1 p |
3. Configuring and testing samba
Samba is unix/linux implementation for normal Windows network shares(netbios and CIFS (common internet filesystem)). You can configure samba via /etc/samba/smb.conf. You can access samba with command smbclient or by mounting via mount.
Start by unmounting with umount(8) the NFS directory in lab2 from the previous assignment. If unmounting complains "resource busy", you have a shell with your current directory in the /mnt directory and you need to switch to another directory.
Share /home with read and write permissions (/home shares are already at smb.conf but needs little bit of tweaking) and reload samba. Try to mount //lab1/home/testuser1 to lab2:/mnt with username testuser1 and testuser1's password. You have to run smbpasswd with correct parameters on lab1 first. Check that necessary services and ports are open.
| 3.1 | Demonstrate a working configuration. | 2 p |
| 3.2 | Only root can use mount. What is the problem with home folders? Can this be overridden? | 1 p |
4. Configuring and testing sshfs
sshfs is filesystem for FUSE (filesystem in userspace).
Start by unmounting the samba share on lab2.
Next mount lab1:/home/testuser1 to lab2:/mnt/testuser1 using sshfs. Demonstrate this to the assistant.
| 4.1 | Demonstrate. | 1 p |
| 4.2 | When is sshfs a good solution? | 1 p |
| 4.3 | What are the advantages of FUSE? | 1 p |
| 4.4 | Why doesn't everyone use encrypted channels for all network filesystems? | 1 p |
5. Final questions
| 5.1 | Describe briefly few use cases for samba, nfs and sshfs. Where, why, weaknesses? | 3 p |
| 5.2 | There are many other alternatives. Choose a couple of them and compare them with the previous. |
3 p |
| 6. | Extra points for an excellent demo, or in-depth mastery of the topic or
software |
3p |
7. Finishing your work
When finishing your work, please remember to backup your related files from the lab computers to a safe place (e.g. your home directory in Niksula or the Computer Center). The course does not provide any back up service for the virtual machines and machines can be completely reset your report problems with machines to course personnel.