[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Thoughts on Redhat 6.0

>SMB's security is trivial to break.  This is OK for an intranet were
>people are working for the same goal and in addition there is a boss
>who can retaliate in case an employee is misbehaving but it is very
>dangerous on the Internet.  That is why Microsoft itself does not try
>to push it for this task but it is trying to ready another protocol
>called CIFS.

   Yes it is.  That is one of the main things I am liking about Samba.
It is a MUCH more secure implementation of SMB sharing.  I am still
working on weather it can FORCE encrypted passwords, but it can hand off
authentication to NT, and NT can.  I also like the fact that one OS can
handle authentication, while another handles file security.  Put a
source routed packet filter on your router as well, and your hacker
needs expertise in 3 OSs to get in.  It gets into the "too much trouble"
class then. :-)
   Also, the last survey I read stated that %60 of data loss <distorted
or dispersed> came from internal hacks.  <%30 virus damage %18 external
hacks, %12 hardware failure>  The real danger is inside, and Samba on
Linux allows syslog, a tripwire...
   I am not trying to say SMB is a good thing, but that it is the only
thing for most users.  And the secure way to go is Linux/Samba. :-)  I
have a feeling that CIFS will have similar problems on NT.

>Of course if this is your personal box it is OK but if I were a boss
>and I learned my employees are using SMB through the Internet for home
>work I would have the security guy condemned to the fire squad.
>Recidivists would be shipped to Redmond.  There are people who told me
>the first penaly was OK but that despite the second one being only for
>recidivists I would being trialed for war crimes.  ;-)

   Hehe...  Here is another funny bit.  smbclient -L is easier to script
than the NT equivalent.  I just mapped out all the shares on my network
last night.  I have been making phone calls this morning. :-)  I am in
no danger of loosing my perceived deification. :-)  I am so amused that
some of the best NT management tools are on Linux.  And "this little
stripped down home version" to boot. ;-)