
I know that there is a very similar question, Is NFS Secure Over Internet, but what I am asking is a little bit different.

I guess that NFS is not so secure, as I can learn from the internet and from that question.

Are there any very secure methods to use in order for your employees to have access to some files you want to be very secure?

Let's put it a little differently. If the NSA, for example, has some documents, let's say top secret, and wants those documents to be available to its employees (the NSA may want each employee to have access to different documents according to what they are working on) but no one else, and under no circumstances should someone from inside or outside of the agency have access to files that they should not see, what might the NSA do?

I am not just asking about NFS here, but about everything that the NSA could use to achieve its purpose.

John Smith
  • This question appears to be off-topic because it belongs on [Information Security](http://security.stackexchange.com/). – jasonwryan Dec 06 '13 at 08:49
  • @jasonwryan however I am asking about current linux solutions – John Smith Dec 06 '13 at 09:40
  • I'll add that, given this scenario, the best bet from an NSA security perspective is probably to use something like an encrypted USB flash drive plus a trusted courier plus an employee computer totally disconnected from the internet. Or even better is to force the employee to travel to a secure NSA facility. – DavAlPi Dec 06 '13 at 09:45
  • If you want security, encrypt the documents you share. – Emmanuel Dec 06 '13 at 10:21
  • NSA practices for keeping secrets this way *are secret*. – goldilocks Dec 06 '13 at 13:52

2 Answers


Are there any very secure methods to use in order for your employees to have access to some files you want to be very secure?

Your original link mentions sshfs, which uses the SSH 2.0 protocol, which seems to be considered secure, and not to be confused with SSL 2.0, which is considered insecure as there are known methods to crack it.

There are also file sharing applications (e.g. proFTP) which can use TLS. TLS is about as secure as you can get, I believe.

The specific cipher used will affect the level of security. AES is available for all of the above and supported by the U.S. National Institute of Standards and Technology. This is an independent body concerned with commerce and communication, but also (non-military) government communication. You don't have access to military encryption systems, obviously, but beyond an element of "security through obscurity", those probably don't have an edge over anything in the public sphere.

There are rumors that the NSA has systems capable of cracking AES encryption. These imply a tremendous amount of hardware is required, so in this case (presuming such rumors are true), you can only spy on some of the people some of the time.

goldilocks
  • aes256 should be pretty secure, though. – Nils Dec 06 '13 at 14:07
  • @Nils : I agree. I think there are a lot of smart "white hat" security types and if there really were a way around brute forcing a key, it would end up public. And the math on brute force looks absurd; it's not feasible. The development of quantum computers may pose a serious threat to contemporary cryptography, but we don't have to worry about that yet. – goldilocks Dec 06 '13 at 14:19
  • Sure? [This IEEE article is 9 years old...](http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=1324601&url=http%3A%2F%2Fieeexplore.ieee.org%2Fiel5%2F9141%2F29316%2F01324601) – Nils Dec 08 '13 at 21:52

sshfs was already mentioned - this is what we are migrating to if https is no option.

NFSv4 with encryption might be a possible way, too - I never used it myself.

But if I were you and had to share a few documents with a number of people, with no need to actually mount ISOs or anything else, I would go for https.

BUT: Be sure to enable strong ciphers and disable weak ciphers.

The same is true for SSH (where you never ever should use protocol 1 any more).

Nils
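
The advice in the answer above (disable weak ciphers, never use SSH protocol 1) can be checked mechanically against a server's `sshd_config`. The following is an added example, not part of either answer: the function name, the sample configurations and the contents of `WEAK_CIPHERS` are assumptions of this example, and `Match` blocks are not interpreted.

```python
# Added example: flag SSH protocol 1 and weak ciphers in sshd_config text.
# WEAK_CIPHERS is this example's own policy (an assumption), not an official list.
WEAK_CIPHERS = {
    "3des-cbc", "blowfish-cbc", "cast128-cbc",
    "arcfour", "arcfour128", "arcfour256",
    "aes128-cbc", "aes192-cbc", "aes256-cbc",
}

# Constructed sample inputs, not taken from a real host.
SAMPLE_LEGACY = """\
# legacy server (constructed)
Protocol 2,1
Ciphers aes256-ctr,3des-cbc,arcfour
"""

SAMPLE_HARDENED = """\
Protocol 2
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
"""


def audit_sshd_config(text):
    """Return (line_number, message) findings; every matching line is reported."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and value are separated by whitespace or a single '='.
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "protocol":
            if "1" in [v.strip() for v in value.split(",")]:
                findings.append((lineno, "SSH protocol 1 is enabled"))
        elif keyword == "ciphers":
            if value.startswith("-"):
                continue  # a leading '-' removes ciphers from the default set
            names = [c.strip() for c in value.lstrip("+^").split(",")]
            weak = sorted(c for c in names if c in WEAK_CIPHERS)
            if weak:
                findings.append((lineno, "weak ciphers: " + ", ".join(weak)))
    return findings


if __name__ == "__main__":
    for name, cfg in (("legacy", SAMPLE_LEGACY), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_sshd_config(cfg) or "no findings")
```
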