[jcifs] Signed file transfers
Christopher R. Hertel
crh at ubiqx.mn.org
Sat Sep 1 15:45:58 MDT 2012
Windows has had signing turned on by default for quite a while, but it can
be disabled. WAN accelerators for years have required that signing be
disabled, because they proxy the connection. It's fairly easy to disable
signing on Windows systems.
Chris -)-----
On 09/01/2012 02:18 PM, Michael B Allen wrote:
> On Fri, Aug 24, 2012 at 5:26 AM, christofer.dutz at c-ware.de
> <mailto:christofer.dutz at c-ware.de> <christofer.dutz at c-ware.de
> <mailto:christofer.dutz at c-ware.de>> wrote:
>
> Hi,____
>
> __ __
>
> I was confronted with a question, that I couldn’t definitely answer.____
>
> __ __
>
> It is possible to have a SMB file transfer signed in order to detect
> manipulated transfers (Man in the middle).____
>
> __ __
>
> Windows supports this, but soes JCIFS also support it? If yes … do I
> have to do anything to have the transfers signed, or is it always signed
> and it’s simply the receiving nodes responsibility to check this
> signature?____
>
>
> Hi Chris,
>
> Yes, SMB signatures are always used by Windows and JCIFS and the signatures
> include the payload of reads and writes so any modification of the data
> stream will trigger a signature failure in JCIFS (or on the server side).
> Technically SMB signing is negotiable but it has always been turned on and
> used for as long as I can remember. There might be some old Samba based file
> server or something like that that fails to use it. But Windows definitely
> always uses it and modern security policy probably requires it.
>
> Mike
>
> --
> Michael B Allen
> Java Active Directory Integration
> http://www.ioplex.com/
--
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
More information about the jCIFS
mailing list