[Samba] Re: samba as a replacement for ftp
mark
lists at xinot.net
Tue Feb 25 15:12:22 GMT 2003
On Tuesday 25 February 2003 15:02, Francis Lau wrote:
> If we plan to use samba/windows 's way of encrypting passwords (LanManager
> / Windows NT MD4) then we don't need a VPN. I would think that all the
> user has to do is connect by typing \\some.domain.name.ca\sharefolder
> using ports 137/139. Am I correct here? Please correct me if I am wrong.
>
> Would there be any security risks if we were to implement samba this way?
>
> Many thanks,
> Francis
1. The smb/cifs/whatever connection itself is NOT encrypted. So all the
files could be read by anyone with access to a machine it crosses.
2. The encrypted passwords are weak. There is documentation that comes with
releases that explains this better than I understand it.
3. Many ISP's block ports 137/139. A large number of people have filesharing
available without knowing it.
Those are some thoughts off of the top of my head.
mark
More information about the samba
mailing list