Date: Tue, 13 Sep 2005 18:40:39 -0400 From: Charles Swiger <cswiger@mac.com> To: Joachim Dagerot <jd@dagerot.com> Cc: freebsd-questions@freebsd.org Subject: Re: Securing samba? Message-ID: <C59A4BB2-7F7E-4D2D-A36E-A37788EBD643@mac.com> In-Reply-To: <200509132215.j8DMFDNV020344@amail1.space2u.com> References: <200509132215.j8DMFDNV020344@amail1.space2u.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sep 13, 2005, at 6:15 PM, Joachim Dagerot wrote: > However, due to some windows clients in the network we are forced > to run samba. Are there any known security problems with that? Windows networking does not have a great track record in terms of security, and Samba has had about a dozen security bugs over the past four years: http://us1.samba.org/samba/history/security.html This record is pretty decent considering the range of protocols they are dealing with, don't get me wrong, but I would not rely on the version of Samba available today being completely secure, either. > Is there a way to tunnel the file traffic over SSH without any > trouble for the users? Not short of setting up a full VPN, no. > (It's ok to install keys etc on their machine, but they must only > be forced to login with the windows password). > > I guess my question are two: > > 1. Is samba safe enough to run on the LAN side of a machine that > are available from the internet only on port 22 and only for users > with a RSA key? Samba is fine if restricted to a LAN with a firewall blocking the Windows ports like 135-139 TCP and UDP, 445, etc. > 2. Is there a better file sharing system that works good for the > windows users than samba? Not really. You can set up PCNFS on the Windows boxes, but that doesn't work as well as Samba does... -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C59A4BB2-7F7E-4D2D-A36E-A37788EBD643>