PSARC 2007/397 NDMP Service

Mark A. Carlson Mark.Carlson at sun.com
Tue Jul 3 05:27:28 PDT 2007 

I agree with your comments on the weak security in the NDMP
standard. Unfortunately, the "relevant standards org" is NDMP.org
and they have gone into hibernation for the most part. Attempts
were made to turn it over to IETF at one point, but that never went
anywhere. We are trying to start up a software effort in the SNIA
that could reawaken interest in this protocol. The best approach would
be to create a Sun Vendor Extension on security like Network Appliance
has published here: http://www.ndmp.org/download/sdk_v4/extensions.shtml

-- mark


Darren J Moffat wrote:
> Minor spec nit, libmd should be used rather than libmd5 as per 
> PSARC/2005/426.
>
> The configurable listening port should probably be provided as an SMF 
> service property, not doing so would require using an alternate SMF 
> method script rather than the one the project team provided.
>
> Much more important though is the security issues with NDMP.  The 
> authentication used in NDMP is weak and doesn't use an algorithm that is 
> in the FIPS 140-2 list, this will cause problems with some customers. 
> Also NDMP does not provide for protection of the data in transit.
>
> However neither of these are issues caused by this project team but are 
> problems that are inherit in the NDMP protocol, the security 
> considerations in the standard are very weak and incomplete.
>
> A security analysis of the NDMP protocol can be found at [1].
>
> Even though the NDMP service is not enabled by default I believe this 
> project would be greatly enhanced if it had the ability to have some 
> access control on incoming connections.  A simple use of libwrap's 
> hosts_access(3) function would provide some enhanced security for the 
> side receiving the inbound connections.  Ideally a stronger 
> authentication and transport protection would be provided but since that 
> would change the on the wire protocol I don't expect the project team to 
> resolve that issue for this case but I would highly encourage them to 
> work with the relevant standards body to get strong authentication 
> (probably using GSS-API or SASL) and data confidentially support in the 
> transport protocol.
>
>
> [1] http://www-users.itlabs.umn.edu/classes/Fall-2006/csci5271/ndmp.pdf
>
> --
> Darren J Moffat
> _______________________________________________
> opensolaris-arc mailing list
> opensolaris-arc at opensolaris.org
>

More information about the opensolaris-arc mailing list