NFS Windows/Linux
Mike Bilow
mikebw at bilow.bilow.uu.ids.net
Wed Feb 19 23:14:00 EST 1997
Derek Atkins wrote in a message to Mike Bilow:
DA> The only problem is that SMB is completely insecure, cannot be
DA> secured, and leaves your windows machine virtually open to
DA> attack. NFS at least has some semblance of security, and newer
DA> versions of NFS will even incorporate Kerberos V5 security
DA> through the GSS_RPC security flavors.
DA> If at all possible, I'd recommend you use NFS. I'd recommend
DA> you _ONLY_ use SMB behind a facist firewall. And I __HATE__
DA> firewalls.
I understood the original question to involve machines not connected to the
outside world, although your points would be valid if that were not the case.
Since NetBEUI is inherently unable to be routed, I would assume that it tends
to be fairly secure by default. This is very different from TCPBEUI, which
obviously can cross routers. I can't really imagine anyone running a TCP/IP
LAN without a firewall these days, and I'm not so sure that the firewall has to
be quite that fascist.
You're something of an expert on security, so I may as well ask: if the
firewall simply blocks all inbound traffic referencing ports 137, 138, and 139,
what risk is there to a TCPBEUI LAN? Are there any legitimate reasons for
traffic from the public referencing these ports to cross a firewall?
netbios-ns 137/tcp NETBIOS Name Service
netbios-ns 137/udp NETBIOS Name Service
netbios-dgm 138/tcp NETBIOS Datagram Service
netbios-dgm 138/udp NETBIOS Datagram Service
netbios-ssn 139/tcp NETBIOS Session Service
netbios-ssn 139/udp NETBIOS Session Service
# Jon Postel <postel at isi.edu>
DA> N1NWH
I didn't know you were a ham! Are you ever active on the Boston repeaters?
-- Mike, N1BEE
More information about the Discuss
mailing list