[OpenAFS] AFS in the age of the wild west internet

[Steve Gaarder]

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1417731050-1043067161-1462287722=:28450
Content-Type: TEXT/PLAIN; CHARSET=UTF-8; FORMAT=flowed
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID: <alpine.LRH.2.11.1605031102511.28450@riemann.math.cornell.edu>

Yes, of course we do that.  My question is whether there is also a way to=
=20
say that some volumes cannot be accessed from outside our network=20
regardless of credentials.  Would it work to put all those volumes on a=20
server with a firewall that blocks access?

Steve Gaarder
System Administrator, Dept of Mathematics
Cornell University, Ithaca, NY, USA
gaarder@math.cornell.edu

On Tue, 3 May 2016, Brandon Allbery wrote:

> fs sa /path/to/whatever system:anyuser none
>
> -----Original Message-----
> From: openafs-info-admin@openafs.org [mailto:openafs-info-admin@openafs.o=
rg] On Behalf Of Steve Gaarder
> Sent: Friday, March 4, 2016 10:05 AM
> To: openafs-info@openafs.org
> Subject: [OpenAFS] AFS in the age of the wild west internet
>
> While I really like the concept of AFS as a world-wide filesystem, I'm st=
arting to wonder if it's a good idea in the modern age of cyberattacks.
> How safe is it to leave AFS open to the world?
>
> Some of the data we store in AFS does not need to be accessed from outsid=
e of our network; is there a good way of blocking access to it from outside=
 while preserving access to other data in the cell?
>
> thanks,
>
> Steve Gaarder
> System Administrator, Dept of Mathematics Cornell University, Ithaca, NY,=
 USA gaarder@math.cornell.edu _____________________________________________=
__
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
> :??=00T????j)b?=09b?=D3=A9zp=05J)=DF=A2?^??=EC=A2=B8!????????????~???????=
?????=D8=A7~??????=C8=A7~
--1417731050-1043067161-1462287722=:28450--