[Samba] compromising security
Tomasz Chmielewski
mangoo at mch.one.pl
Mon Jul 4 20:55:15 GMT 2005

Recently, I was wondering whether my setup is secure.

When the workstations start, they also start a script, which connects to
a Samba share with a username/password (and there is software in this
share, with registration keys and other important data).

On a workstation, this script can't be read by a normal user (I was
considering some sort of simple pseudo-encrypting, which would turn
plaintext usernames/passwords into a pseudo-encrypted file, in case the
disk or one of the workstations is stolen).

But then I realised that it's probably much easier to get all the
credentials without stealing a disk or decrypting a file with
passwords, so all efforts to protect the shares with usernames/passwords
and encrypting the script are probably useless.

All that needs to be done is to unplug the workstation from the network,
then plug a laptop with a network sniffer into the workstation (connect
the network cards), and watch the traffic...

If the laptop acts under the name of a "real" server, and has "encrypt
passwords = no" - would the workstation send the credentials in
plaintext, and thus, all carefully crafted security would be compromised?

Or is something fundamentally wrong in my thinking (hopefully)?

--
Tomek