CIFS (or equiv.) and security

Ron Peterson rpeterson at yellowbank.com
Thu May 18 14:09:12 EDT 2000


I'm contemplating opening my firewall to allow NetBIOS traffic through,
so people in my office can mount Samba shares from home.  If I do this,
I thought I'd just port forward (I realize this only lets me expose one
machine, but that's o.k.) to my fileserver behind my masquerading
server.

Am I being egregiously stupid?

Samba supports encrypted authentication.  Is this encryption strong
enough to ward off script kiddies and their ilk?  Are there other
vulnerabilities, in addition to authentication, that I should be
concerned about?

Are there better alternatives?  Besides Oracle's IFS (I'm sure it may be
fine technology, I just don't like Oracle).  Is a VPN the only way to
go?  Would sure be nice to just NET USE T: \\HOST.MY.DOMAIN\SHARE.

Right now, I allow people read-only access via a browser by setting up a
secure Apache host that points to where our office files are.  Basically
run Apache's insecure authentication over https.  But it would be nice
to allow full access, especially to people w/ cable modems or DSL.

I just use ftp/ssh myself, but that's a bit much for most people here.

-Ron-