[OpenAFS] packet sniffing and file content

[Sam Hartman]

>>>>> "aeneous" == aeneous  <aeneous@speakeasy.org> writes:

    >> But the use of fcrypt is not limited to the kaserver.  It is
    >> also used by the ptserver, update (used to transfer key files
    >> between the SCM and other fileservers), for communication
    >> between the fileserver and the ptserver (for name to id
    >> mappings and to lookup group memberships), and between admin
    >> utilites (pts, kas, & bos) and the corresponding servers.  If
    >> AFS servers are distributed across an unsecured network, there
    >> is lots of opportunity for mischief perpetrated by an attacker
    >> with access to a (hypothetical) high-speed fcrypt cracker.

    aeneous> How hard would it be for them to use a VPN for their Ubik
    aeneous> servers?  For instance, CIPE or IPSec-based.

No harder than setting up Ipsec in the first place.  But really long
term you want some sort of real application-level security
architecture.  But if you need to put kaservers at different physical
locations, Ipsec seems like a way to go.
 
    aeneous> Public addresses in /usr/vice/etc/CellServDB on clients,
    aeneous> private VPN addresses in /usr/afs/etc/CellServDB on Ubik
    aeneous> servers.  VOTE_GetSyncSite wouldn't be useful.

Use public addresses for everything and correctly configure your
policy engine to use a tunnel between the DB servers.