LinuxQuestions.org


Micro420 01-15-2007 04:12 PM

SAMBA file transfers not secure - same for Windows?
 
I received a great book about SAMBA and was reading through it the other day. It mentioned that file transfers done between a SAMBA server and a Windows machine are not secure. So potentially someone could sniff the traffic between the two machines. I was wondering if this was the same case from a Windows to Windows machine.

stress_junkie 01-15-2007 09:49 PM

Yes, it is the same for Windows. In fact, in Linux you can forward an application port to the ssh port which will encrypt the data and then send the data to its destination. Windows doesn't even have ssh available. You can find ssh for Windows as an open source project but Windows file transfers are insecure by default. So Samba file transfers are insecure by default because it has to be compatible with Windows and because the SMB specification doesn't include encrypted file transfers.

To be fair, NFS file transfers are unencrypted as well. FTP file transfers are insecure too. All of these things were created before people became interested in security. Many or even most enterprise level networks are still living in the dark ages where people are not concerned about encryption over the network. I was recently listening to several technical "podcasts". I was very discouraged when I heard these system administrators saying things that indicated that they had no particular interest in security. I even heard one of them state the name and location of their employer and the name of that business's ISP. Amazing. That is business confidential information. I know. You could say that the information is available via public records accessed via dig or nslookup. Nevertheless I think it showed a real lack of good judgment for this guy to say "I work here at this business and in this city and we use XYZ for our ISP."

But, back to our story of Windows and Samba file encryption: we can bolt ssh on to the back end, so to speak, so we can make these file transfer utilities more secure than they are by default.

Capt_Caveman 01-15-2007 10:14 PM

To add to the above, Samba and Windows File Shares should never be openly exposed to the internet. The lack of encryption and weak authentication measures make it an inappropriate service to be run in that manner. It was never designed to be a hardened protocol and should only be run inside of a secure network or only accessible once remote users have authenticated to a VPN which provides hardened auth and encryption.

Micro420 01-16-2007 12:20 AM

Thank you both for your valuable input and information! I appreciate it!

The situation I have at work is a little complicated. We are in our own LAN, but at the same time, this LAN is exposed over the internet. I did not set up the network this way as the institution I work for did this. So Capt_Caveman, yes my SAMBA could potentially be accessible over the internet, however, I set up my iptables to only allow local SAMBA connections which get filtered out if requests come outside from the internet. I also do as much filtering as possible with IP address and user authentications in the SAMBA configuration file.
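
Added example, not part of the thread or any poster's configuration: a small Python audit of the kind of smb.conf filtering described in the last post (host restrictions and authentication). The sample config, the 192.168.10.0/24 LAN and the function names are constructed for illustration, and the code assumes a lowercase `[global]` section header.

```python
import configparser
import ipaddress

# Constructed sample smb.conf; subnet and share names are made up for this example.
SAMPLE_CONF = """
[global]
   hosts allow = 192.168.10. 127.0.0.1 10.0.0.0/8
   interfaces = lo eth0

[projects]
   valid users = @staff

[scratch]
   guest ok = yes
"""

def to_network(entry):
    """Map a 'hosts allow' entry to an ip_network; None for hostnames or keywords."""
    if entry.endswith("."):  # Samba prefix form, e.g. "192.168.10."
        octets = entry.rstrip(".").split(".")
        entry = ".".join(octets + ["0"] * (4 - len(octets))) + "/%d" % (8 * len(octets))
    try:
        return ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return None

def audit_smb_conf(text, lan_cidr):
    """Return findings where the config is looser than 'LAN and loopback only'."""
    lan = ipaddress.ip_network(lan_cidr)
    loopback = ipaddress.ip_network("127.0.0.0/8")
    conf = configparser.ConfigParser(interpolation=None, strict=False)
    # Strip indentation so configparser does not read indented keys as continuations.
    conf.read_string("\n".join(line.strip() for line in text.splitlines()))
    glob = conf["global"] if conf.has_section("global") else {}
    findings = []
    allow = glob.get("hosts allow", "").replace(",", " ").split()
    if not allow:
        findings.append("global: no 'hosts allow', Samba itself accepts any source address")
    for entry in allow:
        net = to_network(entry)
        if net is None:
            findings.append(f"global: review '{entry}' by hand (hostname or keyword)")
        elif not any(net.version == n.version and net.subnet_of(n) for n in (lan, loopback)):
            findings.append(f"global: 'hosts allow' entry {entry} reaches beyond {lan_cidr}")
    if glob.get("bind interfaces only", "no").strip().lower() not in ("yes", "true", "1"):
        findings.append("global: 'bind interfaces only' is off, smbd listens on every interface")
    for share in conf.sections():
        if conf[share].get("guest ok", "no").strip().lower() in ("yes", "true", "1"):
            findings.append(f"{share}: 'guest ok = yes' asks for no password on this share")
    return findings
```

Calling `audit_smb_conf(SAMPLE_CONF, "192.168.10.0/24")` reports the over-broad 10.0.0.0/8 entry, the missing `bind interfaces only = yes`, and the guest share. These checks complement the iptables filtering rather than replace it.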


All times are GMT -5.