Creating Secure SMB Connections

scottpioso · 11-16-2003, 02:14 PM

Hello,

Does anyone know if it's possible to create a LAN that allows for creating an encrypted session for SMB clients connecting to a SMB server? I tried PuTTY but that is only for a shell session.

What I would like to know is if it's possible to set up a secure session from all clients in a lan communicating to a Linux file server? I guess kind of like a SSL for a lan. Any ideas? Thanks.

jcookeman · 11-16-2003, 02:55 PM

Could you use PGP for that? That would probably be the fastest.

scottpioso · 11-16-2003, 03:02 PM

Hi cookeman,

When you say PGP, do you mean Pretty Good Privacy or something else? If so, what type of software would be supported and is it free?

Second, I see you live in Groton, I'm joining the Navy and I'll be stationed in Groton for 2 years while I attend school at Sub school. Are you in the service too?

baz2 · 11-16-2003, 04:03 PM

Quote:

What I would like to know is if it's possible to set up a secure session from all clients in a lan communicating to a Linux file server? I guess kind of like a SSL for a lan. Any ideas? Thanks.

Normal IP traffic is not encrypted. Windows 2000 does support using IPSec for secure LAN traffic, but I don't know how this would work with Linux clients. Anybody? Interesting question.

More basic, why do you want to secure your lan traffic? How you answer this question can determine your alternatives.

scottpioso · 11-16-2003, 05:25 PM

Hi baz,

Well, it's not really that I want to secure my Lan traffic, I was just posing the question to see it it's possible to do so is all. Reason being is because I may at some point in the near future have my server located off site and want my clients to connect to it. Since they would be connecting and downloading/uploading data, I would want it to be a secure connection at that point, but that would be going over a WAN connection at that point, and that would have to be addressed differently.

jcookeman · 11-16-2003, 05:50 PM

Yes I am in the service. If you would like more information contact me at jcookeman@yahoo.com.

As far as PGP is concerned it will do what you want, however, it is more than you probably want to get into. But, you may like it..

Justin

baz2 · 11-16-2003, 07:49 PM

Quote:

Reason being is because I may at some point in the near future have my server located off site and want my clients to connect to it. Since they would be connecting and downloading/uploading data, I would want it to be a secure connection at that point, but that would be going over a WAN connection at that point, and that would have to be addressed differently.

This is usually addressed by creating VPN connections, though there are other ways. For example, I access my home LAN from school. I use puTTY to open a SSH connection to a linux server behind my soho router, which works as a good hardware firewall. SSH has the ability to port-forward other traffic, so I access my Windows boxes securely. Kind of a poor-man's quick and dirty "vpn." But for any kind of serious client connections, you should look into VPN software.

baz2 · 11-16-2003, 07:59 PM

Quote:

I got it installed, however, I guess I wasn't clear about what this software does. What I would like to do is create a secure session for all communication from my windows box to my Linux server, including all file transfers from the server to the clients. All that I can see that it has done is allow me to open a shell from Windows. I think I am not using the right software.

I copied this from the other thread. I don't want to get spread too thin.

Look into a program called "WinSCP." This will open up a secure session on your linux box from a Windows client, with a nice graphical file manager for secure file transfers. Look here for more info.

jcookeman · 11-16-2003, 08:36 PM

Heck....if all you want to do is use SCP then go grab the ssh.com client. It will do a terminal session and the second desktop icon if for ssh file transfer:

ftp://ftp.ssh.com/pub/ssh/SSHSecureS...ient-3.2.9.exe

scottpioso · 12-01-2003, 04:32 PM

Hi Baz,

Got a question for you. . Traditionally, from what I know about VPN's they're only used for dial up connections. If I have a broadband cable connection, can I still set up a VPN with this software you're referring to?

Second, is there any open source VPN software that I could get reasonably inexpensive?

jcookeman · 12-01-2003, 06:51 PM

Scott,
VPN is preferred over a fast connection. They are used all the time for commuters with broadband at home and travel business in hotels and remote sites. Win2K server supports VPN server through PPTP and L2TP. There is a Linux version at www.poptop.org for windows clients and they link to an L2TP version. For linux/BSD you have FreeS/WAN at www.freeswan.org. It seems to have limited Windoze support.

If you have Win2K server and Windows workstation you can set up the VPN as it is already under the hood. FreeS/WAN is free for linux and BSD.

scottpioso · 12-02-2003, 08:40 AM

Thanks Justin,

I'll give that a try

jcookeman · 12-02-2003, 11:58 AM

Companies also use them for cost effective and secure point to point links and tunnels between sites, also.

scottpioso · 12-02-2003, 03:00 PM

K Thanks a lot Justin!! I haven't had the time to really check into it in too much detail , but do you know if I'll be able to set it up transparently for my Windows users? What I mean is, I have network drives setup from the Windows machine to Linux. When I move the Linux box off site, is it possible to set it up so the users on Windows will not even sense any difference?

jcookeman · 12-02-2003, 03:03 PM

Yes you can do this. Depending on the link speed between sites. You can have a linux box at each site handling the vpn and perform the gateway function and it can be very transparent to the users.