 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Jeffry Smith wrote: > > Regardless of the type of authentication, remember that the actual > SAMBA reads / writes are UNENCRYPTED! Better to do the SAMBA over > SSH or some sort of VPN solution. I'm not too concerned about anyone reading the file traffic. There aren't any password lists or anything like that flying around. A bunch of architectural CAD files, mostly. I have to think there can't be too many people out there trying to spy on our exterior wall details. There seem to be three possible weaknesses here: (1) eavesdropping in on the login (although no-one has a shell account), (2) reading (unencrypted) file traffic, and (3) something I haven't thought of. Like I say, (2) doesn't bother me much. But (1) and (3) do. I'm just not knowledgeable enough about security matters to have a worthy opinion about the risks involved. > BTW: How secure is that Windows box behind your server? Remember, > the chain of security is only as strong as its weakest link. So, that > may be the only box you're exposing, but once it's broken, your > network is compromised. That's the reason for DMZs for stuff exposed > to the internet. Good point. Most of my effort's been on the firewall server. I don't *think* I'm running any services besides those I need though. -Ron- - Subcription/unsubscription/info requests: send e-mail with "subscribe", "unsubscribe", or "info" on the first line of the message body to discuss-request at blu.org (Subject line is ignored).
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
