Question about Samba Security

Gerald (Jerry) Carter jerry at samba.org
Thu Nov 29 16:02:06 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dave,

> I am the resident IT guy at a small, but growing company. I set up Samba
> (most recent version) on a FreeBSD 6.1 server which everyone in the
> company now uses to store personal and shared files. It's great. We have
> a few employees who work outside of the office though, and I want them
> to be able to access the same filesystem somehow. I am thinking about
> setting up our router to forward port 139 so that our outside employees
> can access the Samba server (so long as they have the IP of our router,
> which is static). But I have security concerns in doing this. Is the
> risk of being attacked/hacked over port 139 very high?

It's never recommended to put a CIFS file server (from any vendor)
outside the firewall.

> Is Samba as vulnerable to attacks over port 139 as an actual 
> Windows server is?

There are several weaknesses in the protocol itself.  Recent
protocol improvements can alleviate this, but in general
CIFS is a very broad protocol that requires large amounts
of parsing.

> If so, can someone recommend another solution? Setting up 
> a VPN is a project that I don't have time to get involved
> with. Please reply to my email: dave at transducertech.com.

Best to invest the time in a VPN though.  That's the recommended
solution.



cheers, jerry
- --
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHTuJ+IR7qMdg1EfYRAjBYAKDLmsyxTF+oVKBuHgJKEmmq4juX3gCfWM5Z
JYJ2CgnXzeGtYcwZPY9IztY=
=SmG0
-----END PGP SIGNATURE-----

