CIFS (or equiv.) and security

[niall at kst.com (Niall Kavanagh)]

On Thu, 18 May 2000, Derek Martin wrote:

> > 
> > Samba supports encrypted authentication.  Is this encryption strong
> > enough to ward off script kiddies and their ilk?  
> 
> Script kiddies, maybe, real hackers, no.  The encryption MS uses for these
> passwords is very easily broken.  I've used -- I mean seen -- I mean heard
> of programs to crack them.  :)  
>

l0phtcrack being the bestest and easiest to use. Even a script kiddie can
use it. ;)
 
> > Are there other vulnerabilities, in addition to authentication, that I
> > should be concerned about?
> 
> Well, if you're on mediaone, it may not be possible.  Mediaone has
> supposedly implemented filtering of netbios at the CM.  Other people are
> probably doing this too.  netbios is a very chatty protocol, and most
> people who are concerned about the efficiency of their network won't want
> it on their wires.
>  

Mediaone will turn this off for you on request.

> > Are there better alternatives?  Besides Oracle's IFS (I'm sure it may be
> > fine technology, I just don't like Oracle).  Is a VPN the only way to
> > go?  Would sure be nice to just NET USE T: \\HOST.MY.DOMAIN\SHARE.
> 

Assuming it's Windows on both ends you could use the PPTP stuff that comes
with windows to get you started. Vastly safer than sending everything in
the clear over the wire. I've never used it myself, but from what I've
seen it's a couple of wizards to configure. Of course, anything that only
takes a couple of wizards to configure probablyt isn't all that secure...
;)

--
Niall Kavanagh, niall at kst.com
News, articles, and resources for web professionals and developers:
http://www.kst.com

-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).