Samba <> Internet file share
David Collier-Brown
David.Collier-Brown at canada.sun.com
Wed Aug 9 16:09:36 GMT 2000
At 12:42 09/08/00 +1000, Ashley Drees wrote:
>If I were to enable samba on the internet facing side of my system, what
>security issues would I face?
As Chris Watt notes, the normal risk is the same as if you were
to run an external ftp server.
However, Microsoft **strongly** recommend you not do so because
it exposes a risk in Internet Explorer: you can convince IE to send
you plain-text passwords via file://server/share URIs.
They fixed this by introducing semi-encrypted passwords and
a challenge-response system in their SMB server.
So:
for "anonymous ftp" style use, samba is fine, with either
encrypted or plain-text passwords, on a properly secured
server outside your firewall
for working with shared files that shouldn't be public, use
a vpn of some sort, or use ssh/scopy instead.
--dave (a former professional paranoid)
--
David Collier-Brown, | Always do right. This will gratify some people
185 Ellerslie Ave., | and astonish the rest. -- Mark Twain
Willowdale, Ontario | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com