Article:
  Using NFS for Networked Backups
Subject:   NFS for backups?
Date:   2003-03-15 12:39:42
From:   anonymous2
NFS for backups is one of the stupidest ideas I've heard, and someone doing this for a job should be fired.


- sends data unencrypted, anyone can spoof. Basically the same as if you gave anyone a readonly root access to all your computers.
- impossible to set up securely, if you give ANY write privileges, with a simple IP spoof attacker can delete/change anything
- no checksums, if errors occur in transfer, you're screwed.


A very simple workaround is to pipe the results of tar or dump or whatever into ssh. This solves the mentioned problems.


MfG shurdeek

Full Threads Oldest First

Showing messages 1 through 2 of 2.

  • NFS for backups?
    2006-06-08 06:56:51  ArturAnj [View]

    Sometimes it's not stupid at all: in a controled network environment, sometimes it's very easy to had an extra network card to each server, and...

    (It still have the checksum problem, but the beneficts are great - keep it simple)
  • NFS for backups?
    2003-03-19 09:27:35  simon_hibbs [View]

    It's not inherently more stupid than using NFS at all, at least from a security standpoint. Sure they get all the data rather than dribs and drabs, but still...

    On your second point - why would you make a backup share writeable? Duh!

    Finaly, ok on checksums you have a point but this is just down to limitations in tar and the article does suggest other tools such as dump. Ultimately he wasn't writing an article aimed at being the be-all and end-all of backups.

    Still, piping backups through ssh. That's quite neat, I usualy pipe remote backups through compress, but if I'm working in a nonsecure network I'll remember that.

    Simon Hibbs