Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
01-15-2007, 04:12 PM
|
#1
|
Senior Member
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986
Rep:
|
SAMBA file transfers not secure - same for Windows?
I received a great book about SAMBA and was reading through it the other day. It mentioned that file transfers done between a SAMBA server and a Windows machine is not secure. So potentially someone could sniff the traffic between the two machines. I was wondering if this was the same case from a Windows to Windows machine.
|
|
|
01-15-2007, 09:49 PM
|
#2
|
Senior Member
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873
|
Yes it is the same for Windows. In fact, in Linux you can forward an application port to the ssh port which will encrypt the data and then send the data to its destination. Windows doesn't even have ssh available. You can find ssh for Windows as an open source project but Windows file transfers insecure by default. So Samba file transfers are insecure by default because it has to be compatible with Windows and because the SMB specification doesn't include encrypted file transfers.
To be fair, NFS file transfers are unencrypted as well. FTP file transfers are insecure too. All of these things were created before people became interested in security. Many or even most enterprise level networks are still living in the dark ages where people are not concerned about encryption over the network. I was recently listening to several technical "pod casts". I was very discouraged when I heard these system administrators saying things that indicated that they had no particular interest in security. I even heard one of them state the name and location of their employer and the name of that business's ISP. Amazing. That is business confidential information. I know. You could say that the information is available via public records accessed via dig or nslookup. Nevertheless I think it showed a real lack of good judgment for this guy to say "I work here at this business and in this city and we use XYZ for our ISP."
But. back to our story of Windows and Samba file encryption: we can bolt ssh on to the back end, so to speak, so we can make these file transfer utilities more secure than they are by default.
Last edited by stress_junkie; 01-15-2007 at 09:53 PM.
|
|
|
01-15-2007, 10:14 PM
|
#3
|
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658
Rep:
|
To add to the above, Samba and Windows File Shares should never be openly exposed to the internet. The lack of encryption and weak authentication measures make it an inappropriate service to be run in that manner. It was never designed to be a hardened protocol and should only be run inside of a secure network or only accessible once remote users have authenticated to a VPN which provides hardened auth and encryption.
|
|
|
01-16-2007, 12:20 AM
|
#4
|
Senior Member
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986
Original Poster
Rep:
|
Thank you both for your valuable input and information! I appreciate it!
The situation I have at work is a little complicated. We are in our own LAN, but at the same time, this LAN is exposed over the internet. I did not set up the network this way as the institution I work for did this. So Capt_caveman, yes my SAMBA could potentially be accessible over the internet, however, I set up my iptables to only allow local SAMBA connections which get filtered out if requests come outside from the internet. I also do as much filtering as possible with IP address and user authentications in the SAMBA configuration file.
|
|
|
All times are GMT -5. The time now is 08:07 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|