[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Thoughts on Redhat 6.0

> >I had the same feeling.
> >
> >You can ( and should ) regulate access to SMBA using the hosts.allow
> >parameter in the smb.conf file.
>    To use an analogy, security is there to keep someone from stealing or
> damaging your car.  But the primary purpose of a car is to drive it.  If
> security makes it unable to drive, users will violate security.

SMB's security is trivial to break.  This is OK for an intranet were
people are working for the same goal and in addition there is a boss
who can retaliate in case an employee is misbehaving but it is very
dangerous on the Internet.  That is why Microsoft itself does not try
to push it for this task but it is trying to ready another protocol
called CIFS.

Of course if this is your personal box it is OK but if I were a boss
and I learned my employees are using SMB through the Internet for home
work I would have the security guy condemned to the fire squad.
Recidivists would be shipped to Redmond.  There are people who told me
the first penaly was OK but that despite the second one being only for
recidivists I would being trialed for war crimes.  ;-)

>    That said, the easiest way for a Windoze 95 user to access a remote
> network file system, is SMB shares.  It looks like a drive, it works
> with all those badly written programs...  My mother can actually do it
> this way!  Try and explain FTP to my mother...  Go ahead...  I have
> time. :-)
>    That said, the new Samba allows you to authenticate against an NT
> server, so no Linux passwords are compromised.  It allows hosts.allow
> and hosts.deny, as well as real file system security.  It is immune to
> all the NT hacks.  Yes, it has it's own vulnerabilities, but first the
> attacker has to find out it isn't an NT box. :-)  If you accept that SMB
> is needed to share files with the less educated, Linux/Samba is the way
> to do it.
> 			Lee