Network Information Service



next up previous contents
Next: Improving Security in Up: Threats Associated With Previous: Remote File Sharing

Network Information Service

 

Network Information Service (NIS) [SUN90b], formerly called Yellow Pages (YP), is a distributed database system that lets systems share password files, group files, host tables, and other files over the network. NIS simplifies the management of a network because all of the account and configuration information is reconstructed and stored on a single computer, the NIS master server. NIS is included with SunOS, most SVR4 UNIX systems, and many other flavors of UNIX.

Shared NIS database files are called maps and hosts that belong to the same NIS domain share the same set of maps. NIS slave servers, which obtain up-to-date copies of the maps from the NIS master server, are used to provide information when the NIS master server is down. Although NIS simplifies the task of system administration, it also presents several security problems when it is not securely configured.

NIS naming services were originally designed to address the administration requirements of client/server networks in the 1980s. Such networks had specific characteristics, including [JS92]:

Since NIS was not designed to address security requirements, NIS is susceptible to abuse. The following is a list of threats associated with using NIS [Cur92]. Section 10.2.10 discusses methods which can be taken to avoid potential security problems with NIS.

Network Information Services Plus (NIS+), incorporated into Solaris 2.0 (SunOS 5.0), replaces NIS. NIS+ enhancements include support for hierarchical domain names, use of a new database model, and changes to the NIS authentication and authorization model [JS92]. NIS+ contains security aspects lacking in NIS.



next up previous contents
Next: Improving Security in Up: Threats Associated With Previous: Remote File Sharing



John Barkley
Fri Oct 7 16:17:21 EDT 1994