Securing NFS

NFS v3 security is based upon IP address and machines provided UIDs, v4 adds the options for kerberos (krb,krb5i,krb5e) for authentication ,integrity, or privacy(encryption), but there is a lot of overhead in Kerberos. Below are the general discussions with links to details implementations. However there are several other options including IPSEC and STUNNEL. I've listed speed as that is a huge component.

Attacks:

MiTM attack. NFS sessions can be taken over by a host on either side that can continue to relay packets to both machines and change/inject it's own packets. For NFS that does IP based security this allows you to masquerade as another machine. To protect against this attack you need per IP/machine credentials or per user credentials. You can also microsegment your networks based upon the trust model of a host

Compromised Credential Attack: For our purpose we mean leveraging a compromise of one machine to access multi users's data. For example with NFSv3 if you own a machine then you have full access to any machine even with root squash you can still "become/su" that user and do things as that user.

	Adv	Dis	Speed
NFS V3	Speed Simplicity	MiTM attack. Compromised Credential Attack	10Gbps+
Kerberos	Relatively Secure Stops MiTM Attack Can reduce Compromised Credential attack Configure on a per share basis so some shares can be "raw" Standard	Requires NFSv4 Kerberos credentials expire Complicated keytabs can be stolen	50%(untested) 100% if unsecured
IPSEC	Stops MiTM attack Can be used for other ports (but not required) Standard	Does not stop Compromised Credential Attack	25%
STUNNEL	Faster(currently) then ipsec (as tested) Can be used to secure a single machine (or set ) against MiTM attack	Hard to use to stop MiTM attack with multiple trust boundaries Does not stop Compromised Credential Attack	50%

Linux IPSEC

Linux Kerberos