Question about Samba Security
Gerald (Jerry) Carter
jerry at samba.org
Thu Nov 29 16:02:06 GMT 2007
> I am the resident IT guy at a small, but growing company. I set up Samba
> (most recent version) on a FreeBSD 6.1 server which everyone in the
> company now uses to store personal and shared files. It's great. We have
> a few employees who work outside of the office though, and I want them
> to be able to access the same filesystem somehow. I am thinking about
> setting up our router to forward port 139 so that our outside employees
> can access the Samba server (so long as they have the IP of our router,
> which is static). But I have security concerns in doing this. Is the
> risk of being attacked/hacked over port 139 very high?

It's never recommended to put a CIFS file server (from any vendor)
outside the firewall.

> Is Samba as vulnerable to attacks over port 139 as an actual
> Windows server is?

There are several weaknesses in the protocol itself. Recent
protocol improvements can alleviate this, but in general
CIFS is a very broad protocol that requires large amounts

> If so, can someone recommend another solution? Setting up
> a VPN is a project that I don't have time to get involved
> with. Please reply to my email: dave at transducertech.com.

Best to invest the time in a VPN though. That's the recommended
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian