OS X and FreeBSD: What could be a good setup
Chuck Swiger
cswiger at mac.com
Mon Apr 12 15:06:14 PDT 2004
Bart Silverstrim wrote:
[ ... ]
>> Oh, yes: unless you use an encrypted tunnelling protocol like a VPN or
>> an SSH tunnel, pretty much all filesharing protocols are vulnerable to
>> subnet-local sniffing. Using strong encryption when using wireless is
>> a fine idea. :-)
>
> VPN would be a little strong to use for client->wap, though, wouldn't
> it? I have used VPNs for WAP<->WAP bridges, but not for a notebook
> computer to a WAP.

It depends on how much you care about your security, and whether you trust WEP
to be secure enough to fool anyone who might listen to your wireless network.

> What I HAVE used is SSH, to create a redirected series of ports. That's
> reasonably simple to open on a notebook. BUT I don't know how (or even
> *if*) it could be used to redirect CIFS connections.

You can run a PPP session over an SSH port tunnel to get a VPN without much
more effort.

> How come NFS got such heavy flak for insecurity when CIFS also transfers
> in clear text over the wire?

Who knows? I guess maybe people don't expect much security from a so-called
"Windows protocol" to begin with. :-) Note that you actually can configure
NFS to use security, although I've never seen SecureRPC/SecureNFS actually
deployed anywhere so perhaps it's a moot point.

Someone sufficiently versed in the ways of CIFS can probably make that
protocol more secure, too, although it's unclear how much good that does if
all an intruder needs to do is pretend to be a Win98 system (and have fallback
for backwards compatibility zap security).

--
-Chuck
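
The PPP-over-SSH arrangement mentioned in the reply above, sketched as an added example that is not part of the original message: the function checks its arguments and prints the pppd command line that uses ssh as its pty. It assumes pppd is installed on both ends and that the remote account is allowed to run it; the host name and addresses are constructed.

```shell
#!/bin/sh
# Added example: PPP over SSH. Host, user and addresses are constructed.

# Reject values that ssh or pppd could parse as options, or that contain
# shell metacharacters; they end up inside the quoted pty command string.
valid_token() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    return 0
}

# Accept dotted-quad IPv4 addresses only (each octet 0-255).
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the pppd command that carries PPP over an SSH session.
# usage: ppp_over_ssh_cmd user@host local_ip remote_ip
ppp_over_ssh_cmd() {
    valid_token "$1" || { echo "bad ssh target: $1" >&2; return 1; }
    valid_ipv4 "$2"  || { echo "bad local address: $2" >&2; return 1; }
    valid_ipv4 "$3"  || { echo "bad remote address: $3" >&2; return 1; }
    # The local pppd uses ssh as its pty; the remote pppd speaks PPP on
    # stdin/stdout (notty). noauth: no PPP-level authentication, because
    # ssh has already authenticated the peer and encrypts the link.
    printf 'pppd updetach noauth pty "ssh -e none -o BatchMode=yes %s pppd nodetach notty noauth" %s:%s\n' \
        "$1" "$2" "$3"
}

# Constructed sample values; run the printed command as root to bring the link up.
ppp_over_ssh_cmd vpn@gateway.example.net 10.9.0.1 10.9.0.2
```

Traffic routed to the remote address then travels inside the SSH session, so a file-sharing mount made to that address is not exposed to listeners on the wireless segment.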