BLU Discuss list archive

CIFS (or equiv.) and security

Regardless of the type of authentication, remember that the actual
SAMBA reads / writes are UNENCRYPTED!  Better to do the SAMBA over
SSH or some sort of VPN solution.

BTW:  How secure is that Windows box behind your server?  Remember,
the chain of security is only as strong as its weakest link.  So, that
may be the only box you're exposing, but once it's broken, your
network is compromised.  That's the reason for DMZs for stuff exposed
to the internet.


On Thu, 18 May 2000, Ron Peterson wrote:

> I'm contemplating opening my firewall to allow NetBIOS traffic through,
> so people in my office can mount Samba shares from home.  If I do this,
> I thought I'd just port forward (I realize this only lets me expose one
> machine, but that's o.k.) to my fileserver behind my masquerading
> server.
>
> Am I being egregiously stupid?
>
> Samba supports encrypted authentication.  Is this encryption strong
> enough to ward off script kiddies and their ilk?  Are there other
> vulnerabilities, in addition to authentication, that I should be
> concerned about?
>
> Are there better alternatives?  Besides Oracle's IFS (I'm sure it may be
> fine technology, I just don't like Oracle).  Is a VPN the only way to
> go?  Would sure be nice to just NET USE T: \\HOST.MY.DOMAIN\SHARE.
>
> Right now, I allow people read-only access via a browser by setting up a
> secure Apache host that points to where our office files are.  Basically
> run Apache's insecure authentication over https.  But it would be nice
> to allow full access, especially to people w/ cable modems or DSL.
>
> I just use ftp/ssh myself, but that's a bit much for most people here.

Get them on Linux?

Jeffry Smith      Technical Sales Consultant     Mission Critical Linux
smith at phone:978.446.9166,x271 fax:978.446.9470
Thought for today:  Economics is extremely useful as a form of employment for economists.
		-- John Kenneth Galbraith

BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
