[jcifs] Signed file transfers

Christopher R. Hertel crh at ubiqx.mn.org
Sat Sep 1 15:45:58 MDT 2012 

Windows has had signing turned on by default for quite a while, but it can
be disabled.  WAN accelerators for years have required that signing be
disabled, because they proxy the connection.  It's fairly easy to disable
signing on Windows systems.

Chris -)-----

On 09/01/2012 02:18 PM, Michael B Allen wrote:
> On Fri, Aug 24, 2012 at 5:26 AM, christofer.dutz at c-ware.de
> <mailto:christofer.dutz at c-ware.de> <christofer.dutz at c-ware.de
> <mailto:christofer.dutz at c-ware.de>> wrote:
> 
>     Hi,____
> 
>     __ __
> 
>     I was confronted with a question, that I couldn’t definitely answer.____
> 
>     __ __
> 
>     It is possible to have a SMB file transfer signed in order to detect
>     manipulated transfers (Man in the middle).____
> 
>     __ __
> 
>     Windows supports this, but soes JCIFS also support it? If yes … do I
>     have to do anything to have the transfers signed, or is it always signed
>     and it’s simply the receiving nodes responsibility to check this
>     signature?____
> 
> 
> Hi Chris,
> 
> Yes, SMB signatures are always used by Windows and JCIFS and the signatures
> include the payload of reads and writes so any modification of the data
> stream will trigger a signature failure in JCIFS (or on the server side).
> Technically SMB signing is negotiable but it has always been turned on and
> used for as long as I can remember. There might be some old Samba based file
> server or something like that that fails to use it. But Windows definitely
> always uses it and modern security policy probably requires it.
> 
> Mike
> 
> --
> Michael B Allen
> Java Active Directory Integration
> http://www.ioplex.com/

-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org

More information about the jCIFS mailing list