Date:      Sun, 20 Aug 2000 07:00:05 -0600
From:      Joe Warner <jswarner@uswest.net>
To:        "Rashid N. Achilov" <achilov@granch.ru>
Cc:        freebsd-newbies@FreeBSD.ORG, Jason La <jasonla_@hotmail.com>
Subject:   Re: Samba Question
Message-ID:  <399FD655.AA4D81A@uswest.net>
References:  <XFMail.000820105338.shelton@sentry.granch.ru>

> I think, plaintext password is A BIG HOLE in network security.

It certainly is a big hole in network security and circumvents the security that's put in place when you
install NT.  However, IMHO, for it to be a hole, you need to have something to hide or to protect.  In
my case, I don't store any sensitive data on my WIN NT 4.0 (sp 6) machine and really don't care if
someone breaks into it.  The only thing that would annoy me is if someone broke in and trashed it.  This
wouldn't bother me too bad, since I have a current ghost image of my configuration on CD and it would
take me about 20 minutes to pour it back on.  As far as traffic sniffing goes, I'm sure there are tons
of apps and methods out there that could capture/expose a lot of information, regardless of whether
plaintext passwords are enabled or not.  Knowing this, you certainly wouldn't want to make it easy for
someone.  However, I believe the best security you could have would be to get good and frequent backups
of your system and don't have anything someone would want to steal.  I tend to care less about my WIN NT
machine and focus most of my attention/efforts on my PC running FreeBSD.  That's where all the good
stuff is!  8^)

Joe


"Rashid N. Achilov" wrote:

> On 19-Aug-00 Joe Warner wrote:
> >
> >     I'm assuming that you're trying to connect to your Samba server via WIN
> > NT?  If so, you need to go into the registry and add a key that enables
> > plaintext passwords.  You can find information on how to do this in
> > /usr/local/share/doc/samba.
> >
>
> I think, plaintext password is A BIG HOLE in network security. I'd recommend using it only when you
> are absolutely sure that nobody can steal/snoop/catch/listen (or other many methods :-) ) your traffic.
> If you aren't sure, you have to read DOMAIN_CONTROL.txt, ENCRYPTION.txt, NTDOMAIN.txt and
> Passwords.txt (and the Samba doc catalog contains many other useful hints :-) ), which describe how
> to use encrypted native NT passwords. If you have an NT domain controller, you can include the Samba
> computer in the NT domain and it will then check passwords through the NT server.
> --
>    With Best Regards.
>    Rashid N. Achilov (RNA1-RIPE), Brainbench ID: 28514, Granch Ltd. lead engineer
>    e-mail: achilov@granch.ru, tel (383-2) 24-2363
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-newbies" in the body of the message

--

    FreeBSD = The Power to Serve
     ..Simply put = FreeBSD Rocks!
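
Added example (not part of the original message, and not code from the Samba project): a small shell check for the choice discussed in this thread, reporting whether the [global] section of an smb.conf sets "encrypt passwords" on or off. The function name, the sample configs and the smbpasswd path are constructed for illustration; "unset" means the installed Samba version's default applies.

```shell
#!/bin/sh
# Prints one of: encrypted | plaintext | unset | invalid
smb_password_mode() {
    awk '
        /^[ \t]*$/     { next }                 # blank line
        /^[ \t]*[;#]/  { next }                 # comment line
        /^[ \t]*\[/ {                           # section header
            s = tolower($0); gsub(/[ \t]/, "", s)
            in_global = (s == "[global]")
            next
        }
        in_global && (eq = index($0, "=")) {
            # smb.conf ignores case and whitespace in parameter names
            name = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", name)
            val = tolower(substr($0, eq + 1))
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            # the last assignment in [global] is the one reported
            if (name == "encryptpasswords") { seen = 1; last = val }
        }
        END {
            if (!seen)                          print "unset"
            else if (last ~ /^(yes|true|1)$/)   print "encrypted"
            else if (last ~ /^(no|false|0)$/)   print "plaintext"
            else                                print "invalid"
        }
    ' "$1"
}

# Constructed sample configs, written to a temporary directory.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

cat > "$demo_dir/plain.conf" <<'EOF'
[global]
   workgroup = EXAMPLE
   Encrypt Passwords = No
[homes]
   browseable = no
EOF

cat > "$demo_dir/enc.conf" <<'EOF'
[global]
   workgroup = EXAMPLE
   ; encrypt passwords = no
   encrypt passwords = yes
   smb passwd file = /usr/local/private/smbpasswd
EOF

for f in plain enc; do
    printf '%s.conf: %s\n' "$f" "$(smb_password_mode "$demo_dir/$f.conf")"
done
```

A "plaintext" result is the configuration that requires the NT registry change mentioned above; "encrypted" is the setup that ENCRYPTION.txt describes.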





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?399FD655.AA4D81A>