I need to secure our NFS services. We have a common area used as a
software repository and for shared scripts that we mount in read-only
mode at boot time, plus a read-write mount point that we mount when
necessary for script output.

I see an option in smit to "Specify whether you want to require
clients to use a more secure protocol when accessing the directory."
In the client setup, it appears that this specifies the use of DES.

How good (i.e. how secure) is this? Is it bulletproof enough for
production work? Is it version dependent? We have a mix of 4.3, 5.1,
and 5.2 servers.

Are there other options (open source, freeware, or commercial) that
are better?

Any help would be appreciated.

Thanks,
Steve