Re: netatalk security vs. ftp, ssh


Subject: Re: netatalk security vs. ftp, ssh
From: Tom Fitzgerald (tfitz@MIT.EDU)
Date: Fri Jul 28 2000 - 19:42:50 EDT


> Hi, I am the systems administrator for my company and I have been trying to
> find a way to shut down ftp access to our server. This would entail
> finding an alternative file transfer protocol, such as some sort of GUI-scp
> or a combination of netatalk and samba(?) or something else.
>
> What I really want to know is if there is any place (or anyone) that will
> tell me the vulnerabilities of using netatalk.

1) File data is not encrypted, so existing sessions are vulnerable to IP
   spoofing attacks. You can block outside attacks with appropriate source
   address filters at your router, but inside attacks are harder to block.
   Authentication handshakes are encrypted, so an attacker is out of luck
   unless a session has already been set up.

2) Unless the admin has disabled cleartext passwords (which isn't hard),
   clients can send their passwords in the clear. Double-randnum
   authentication is pretty darn good as authentication methods go. With
   single-randnum authentication, an inside attacker can impersonate a
   server without the client knowing.

3) To use encrypted authentication with clients older than MacOS 9, the
   user passwords must be stored in cleartext on the server. This isn't
   actually as much of a problem as one might think, since anyone who can
   break in far enough to get the passwords could also get the passwords
   by other means even if they were encrypted on disk.

4) Users can walk away from their Macs leaving network drives mounted
   and visible on the desktop. There's no easy way to time out idle
   connections.

5) If the authentication handshake can be sniffed, it's vulnerable to
   a dictionary attack. This is no different from scp/ssh.

I'd put netatalk at about the same security level as AFS or kerberized
ftp, better than SMB or NFS, not as good as scp (though the server
authentication is better than scp's in some ways).
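
Added example, not part of this thread: a Python model of the two randnum exchanges contrasted in point 2, with HMAC-SHA256 standing in for the DES encryption of the 8-byte challenge that the real AFP protocol uses (an assumption, so the block runs on the standard library alone). It shows why a server that does not know the password can hold a session under single-randnum but not under double-randnum, and, as point 3 notes, why the genuine server must hold the password itself to answer.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def respond(password: str, challenge: bytes) -> bytes:
    """Answer an 8-byte challenge with knowledge of the password.
    Assumption: HMAC-SHA256 stands in for the real AFP step, which
    DES-encrypts the challenge using the password as the key."""
    return hmac.new(password.encode(), challenge, hashlib.sha256).digest()


def run_single_randnum(password: str, server_secret: Optional[str]) -> bool:
    """One-way exchange. Return True if the client ends up in a session.
    server_secret is the password copy held by the server; None models an
    impostor server that has no copy at all."""
    challenge = secrets.token_bytes(8)          # server -> client
    reply = respond(password, challenge)        # client -> server
    # A genuine server checks the reply; an impostor simply says "accepted".
    accepted = server_secret is None or hmac.compare_digest(
        reply, respond(server_secret, challenge))
    # Nothing in the exchange lets the client tell the two servers apart.
    return accepted


def run_double_randnum(password: str, server_secret: Optional[str]) -> bool:
    """Two-way exchange. Return True only if both sides proved knowledge."""
    server_challenge = secrets.token_bytes(8)   # server -> client
    client_challenge = secrets.token_bytes(8)   # client -> server, with reply
    reply = respond(password, server_challenge)
    if server_secret is None:
        # Impostor: claims success, but can only guess the second response.
        accepted, server_reply = True, secrets.token_bytes(32)
    else:
        accepted = hmac.compare_digest(
            reply, respond(server_secret, server_challenge))
        server_reply = respond(server_secret, client_challenge)
    # The client proceeds only if the server answered its challenge correctly.
    return accepted and hmac.compare_digest(
        server_reply, respond(password, client_challenge))
```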



This archive was generated by hypermail 2b28 : Wed Jan 17 2001 - 14:31:40 EST