Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Derek Atkins wrote in a message to Mike Bilow: DA> The only problem is that SMB is completely insecure, cannot be DA> secured, and leaves your windows machine virtually open to DA> attack. NFS at least has some semblance of security, and newer DA> versions of NFS will even incorporate Kerberos V5 security DA> through the GSS_RPC security flavors. DA> If at all possible, I'd recommend you use NFS. I'd recommend DA> you _ONLY_ use SMB behind a facist firewall. And I __HATE__ DA> firewalls. I understood the original question to involve machines not connected to the outside world, although your points would be valid if that were not the case. Since NetBEUI is inherently unable to be routed, I would assume that it tends to be fairly secure by default. This is very different from TCPBEUI, which obviously can cross routers. I can't really imagine anyone running a TCP/IP LAN without a firewall these days, and I'm not so sure that the firewall has to be quite that fascist. You're something of an expert on security, so I may as well ask: if the firewall simply blocks all inbound traffic referencing ports 137, 138, and 139, what risk is there to a TCPBEUI LAN? Are there any legitimate reasons for traffic from the public referencing these ports to cross a firewall? netbios-ns 137/tcp NETBIOS Name Service netbios-ns 137/udp NETBIOS Name Service netbios-dgm 138/tcp NETBIOS Datagram Service netbios-dgm 138/udp NETBIOS Datagram Service netbios-ssn 139/tcp NETBIOS Session Service netbios-ssn 139/udp NETBIOS Session Service # Jon Postel <postel at isi.edu> DA> N1NWH I didn't know you were a ham! Are you ever active on the Boston repeaters? -- Mike, N1BEE
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |