 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On Thu, 18 May 2000, Ron Peterson wrote: > I'm contemplating opening my firewall to allow NetBIOS traffic through, NONONONONO! > so people in my office can mount Samba shares from home. NONONONO! > Am I being egregiously stupid? YESYESYESYESYES!!! Well, not really, you're just ignorant of the issues. Basically doing this makes your system very susceptible to attack, and your data can easily be copied by basically anyone. > > Samba supports encrypted authentication. Is this encryption strong > enough to ward off script kiddies and their ilk? Script kiddies, maybe, real hackers, no. The encryption MS uses for these passwords is very easily broken. I've used -- I mean seen -- I mean heard of programs to crack them. :) > Are there other vulnerabilities, in addition to authentication, that I > should be concerned about? Well, if you're on mediaone, it may not be possible. Mediaone has supposedly implemented filtering of netbios at the CM. Other people are probably doing this too. netbios is a very chatty protocol, and most people who are concerned about the efficiency of their network won't want it on their wires. > Are there better alternatives? Besides Oracle's IFS (I'm sure it may be > fine technology, I just don't like Oracle). Is a VPN the only way to > go? Would sure be nice to just NET USE T: \\HOST.MY.DOMAIN\SHARE. Yeah, copy the data to a CD and put it on a local server. Shares over the internet are a VERY bad idea, in general. Rereading your post, I now see that I've misunderstood you. I thought initially you wanted to make a share you had at your home available to users at your office. What you're doing sounds even worse to me. -- Derek Martin System Administrator Mission Critical Linux martin at MissionCriticalLinux.com - Subcription/unsubscription/info requests: send e-mail with "subscribe", "unsubscribe", or "info" on the first line of the message body to discuss-request at blu.org (Subject line is ignored).
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
