File sharing over NON-tcp/ip networks - what is the best protocol?
If you want to run Appletalk then you'll need to look into a daemon called Netatalk.
It can do AFP (Apple Filing Protocol) over Appletalk.
Also just for info... you can configure Netatalk to do AFP over regular TCP/IP - avoiding all that Appletalk mess.
Thanks for the info. It turns out the weakest link in security is humans.
Definitely
Quote:
Originally Posted by Ulysses_
one philosophy is to accept that you will eventually get infected and plan for it, in order to limit the spread and durability of the infection.
A good way to look at things, in my opinion. Obviously it is good to do all you can to prevent compromise, but it is also important to accept the inevitability of compromise and detect and mitigate against it as best you can.
Quote:
Originally Posted by Ulysses_
Is the time taken to penetrate, a sound metric of security? Or you can provide perfect unbreakable security?
I believe it is to a certain extent. Many, if not most, compromises are compromises of convenience. The low hanging fruit is the first to be picked. Unless there is a targeted attack against your servers, all you really have to do is be more secure than the next guy.
Quote:
Originally Posted by Ulysses_
What about the number of people capable of penetrating a server within a given time, is that a sound metric of security?
Since it is unmeasurable, I would say no.
The main place your obscure protocol argument falls down is that the protocols you are considering as alternatives to TCP/IP are all no longer in active development, so, while TCP/IP is continually acquiring more secure features (IPSec, DNSSec and so on) these other protocols are as secure as they are ever going to get. The fact that fewer vulnerabilities are known doesn't mean that they don't exist.
If anyone is interested, here's how it can be done. Appletalk replaces tcp/ip in the local network as follows: On windows computers you install pc maclan (choose "Disable encrypted logins" under menu Configure-Server information). On linux computers you apt-get the netatalk package, edit the file /etc/netatalk/atalkd.conf adding one line that says "eth0" without the quotes, and reboot for the automagic configuration to occur. The windows computers can then see the linux home directories but not the other way round (there simply isn't any linux tool for reaching appletalk file shares in windows which is probably a good thing). This means you have to remember to copy any new files from linux to windows if you use a liveCD for the linux box.
The afpd program expects clear text passwords from the Macs.
Security could be a problem, so be very careful when you run this
daemon on a machine connected to the Internet, you have yourself to
blame if somebody nasty does something bad.
Just remember that I expect the linux box to get hacked so any encryption in the linux-windows link is irrelevant, the hacker can type what I type and see what I can see, that's ok. I don't want to hide the windows server's shared files. Let the hacker see them if they can. What I want to prevent is the hacker from owning the server too. So how would you go about penetrating the server in order to own it, not just read the apple-shared files?
Quote:
Just remember that I expect the linux box to get hacked so any encryption in the linux-windows link is irrelevant, the hacker can type what I type and see what I can see, that's ok. I don't want to hide the windows server's shared files. Let the hacker see them if they can. What I want to prevent is the hacker from owning the server too.
Rephrasing what I already said in post #4: if you would have exhausted common host and network hardening and segregation, then you wouldn't have to waste effort and stoop to using such a contorted security posture just to satisfy your fabled "protocol isolation" thingie.
Quote:
if you would have exhausted common host and network hardening and segregation, then you wouldn't have to waste effort and stoop to using such a contorted security posture just to satisfy your fabled "protocol isolation" thingie.
Repeating over and over something does not make it right - you are failing to counter any of the arguments presented. That's because, the truth is, you do not have a clue how to break into the pc maclan implementation of appletalk, and neither has anyone in common hacking and anti-hacking forums: I have found very few exploits for the OS X implementation of appletalk (123), but there is not a single exploit for the pc maclan implementation! So it is like OS X was in its beginning. The bad guy would have to do vulnerability research from scratch, for weeks or months before finding an exploit for pc maclan. And our humble pc's are not worth that much.
In the interest of those wishing to use a liveCD for security and transfer files to their main computer by this extremely simple and yet powerful setup, a few notes to remember. The act of getting an .avi from youtube or whatever file you want to keep must be done without visiting any other sites in the same liveCD session. Powering off the diskless liveCD linux box would take care of isolating one browsing session from another.
If a windows shared folder is used instead of the linux ramdisk, remember to clear-up the shared folder at the start of each session. From windows.
Quote:
you are failing to counter any of the arguments presented. That's because, the truth is, you do not have a clue how to break into the pc maclan implementation of appletalk, and neither has anyone in common hacking and anti-hacking forums
I see your fortune cookie for today reads: when a man points
at the moon, the fool
looks at his finger.
Apparently you missed my post #19. Appletalk has the same flaw as telnet does (which is why ssh replaced telnet), it transmits information in the clear. One just sniffs the network for a while, capturing flow, process data, and you have all the logins/passwords. You really do not run into a much simpler crack (these days).
As far as cracking the server, using obscure protocols still leaves the same old cracks in the OS.
I remember your post lazlow, and as I said before, any encryption is irrelevant because the hacker can run a keylogger and type what I type (password etc) and see what I see (any shared folder of the windows server). I do not mind them seeing the shared folder because it is only for temporary storage of my downloaded files during a liveCD session, cleared at every boot. As long as you visit only the site of the download during a session, there won't be any hacker during this session to infect the download (unless you're unfortunate enough to have a static ip). So let the shared folder be seen, it is penetrating the windows server for the purposes of owning it that we want to prevent.
Quote:
using obscure protocols still leaves the same old cracks in the OS.
What cracks do you mean? Faults in the ethernet drivers of the windows server?
By the way, it is not only tcp/ip that is uninstalled from the windows server in this setup, but also all other items in the connection properties: Client for microsoft networks, File and printer sharing for Microsoft networks, etc. Only two items remain, the pc maclan appletalk protocol, and the pc maclan service.