Hi everyone.

I want to hear your opinions as to the security of having samba running on my linux box.

I have a small lan running behind a broadband router which acts as a firewall. I have a linux box (suse 8.2) which I use as an apache/php/mysql server. On the linux box is a personal website containing a very large photo album - I would like to have samba running to speed up the process of transferring files (photos) from a (ehhhh) win2k machine to the SuSE server. How much of a security threat would I be opening myself up to if I enabled Samba? My router blocks traffic, except port 80.

Would it be safer / better to use a FTP server instead?

Any suggestions would be greatly appreciated.

Regards from Denmark.

Dan Eskildsen
On Sat, 14 Jun 2003 12:23:31 +0200 "Dan Eskildsen" <netops@tdcadsl.dk> wrote:

> I have a small lan running behind a broadband router which acts as a firewall. I have a linux box (suse 8.2) which I use as an apache/php/mysql server. On the linux box is a personal website containing a very large photo album - I would like to have samba running to speed up the process of transferring files (photos) from a (ehhhh) win2k machine to the SuSE server. How much of a security threat would I be opening myself up to if I enabled Samba? My router blocks traffic, except port 80.
>
> Would it be safer / better to use a FTP server instead?
>
> Any suggestions would be greatly appreciated.

Much depends on how you want to transfer. With Samba (and SMBFS) you can mount a Windows share on the Linux box and export a Linux directory as a share. IMHO, opening up an ftp server is probably more of a security threat than Samba, especially since your router is blocking all ports other than 80.

--
Jerry Feldman <gaf@blu.org>
Boston Linux and Unix user group
http://www.blu.org
PGP key id:C5061EA9
PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
On Saturday 14 June 2003 05:23, Dan Eskildsen wrote:

> Hi everyone.
>
> I want to hear your opinions as to the security of having samba running on my linux box.
>
> I have a small lan running behind a broadband router which acts as a firewall. I have a linux box (suse 8.2) which I use as an apache/php/mysql server. On the linux box is a personal website containing a very large photo album - I would like to have samba running to speed up the process of transferring files (photos) from a (ehhhh) win2k machine to the SuSE server. How much of a security threat would I be opening myself up to if I enabled Samba? My router blocks traffic, except port 80.
>
> Would it be safer / better to use a FTP server instead?
>
> Any suggestions would be greatly appreciated.
>
> Regards from Denmark.
>
> Dan Eskildsen

Either can be secure, if you follow the correct guidelines. You should be able to find various documentation on both across the internet. Both can be used through the PAM (Pluggable Authentication Modules) services. There is a module for both SMB and FTP. I'd definitely give these a try.

--
Thomas Jones
Linux-Howtos Network Administrator
OpenGPG Key: 0x6A3DF6E9
At 12:23, Saturday 14 June 2003, Dan Eskildsen wrote:

> Hi everyone.
>
> I want to hear your opinions as to the security of having samba running on my linux box.
>
> I have a small lan running behind a broadband router which acts as a firewall. I have a linux box (suse 8.2) which I use as an apache/php/mysql server. On the linux box is a personal website containing a very large photo album - I would like to have samba running to speed up the process of transferring files (photos) from a (ehhhh) win2k machine to the SuSE server. How much of a security threat would I be opening myself up to if I enabled Samba? My router blocks traffic, except port 80.

I do not understand, you are not in a trusted lan? However I think in a LAN SMB should be better (it is what it is designed for). If your provider blocks everything except port 80, then SMB or FTP is not something interesting for the outside world. If it would not block enough, just set up iptables or SuSEfirewall2.

> Would it be safer / better to use a FTP server instead?

In a LAN SMB should be more usable. For security, if you use proftpd or wuftpd you are not very secure. BTW just use the service that is more usable and block out your LAN's machines which are not supposed (trusted?) to use SMB.

Praise
Hi,

On Monday 16 June 2003 14:52, Praise wrote:

> In a LAN SMB should be more usable. For security, if you use proftpd or wuftpd you are not very secure.

Would you elaborate more on this? Why is SMB more secure -- does SMB use encryption to transmit username/password?

--
-- Verdi March --
At 15:54, Monday 16 June 2003, Verdi March wrote:

> Hi,
>
> On Monday 16 June 2003 14:52, Praise wrote:
>
> > In a LAN SMB should be more usable. For security, if you use proftpd or wuftpd you are not very secure.
>
> Would you elaborate more on this? Why is SMB more secure -- does SMB use encryption to transmit username/password?

SMB uses encryption to transmit username/password if it is set up to do so. But that was not my point: proftpd and wuftpd have had many security bugs. It's better to use vsftpd or pureftpd imho. SMB is designed ONLY for LANs, as it needs some bandwidth to update browsing tables and so on. Moreover the protocol is flawed, so it should be used only for LANs with well known (and trusted) clients, imho. It is not good at all to be used on the internet, if you don't use some kind of VPN.

Read this: http://www.securiteam.com/windowsntfocus/5WP0L009PK.html

Praise
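The precautions raised in the replies above (encrypted SMB logins, and limiting Samba to trusted LAN machines) can be checked against an smb.conf. This is an added example, not code from any poster in this thread; the two sample configurations, the addresses, share name and user are constructed, and `audit_smb_conf` is a hypothetical helper.

```python
import configparser

# Constructed sample: Samba restricted to one trusted LAN client (all values are assumptions).
HARDENED_SMB_CONF = """
[global]
workgroup = HOME
security = user
encrypt passwords = yes
interfaces = 192.168.1.10/24 127.0.0.1
bind interfaces only = yes
hosts allow = 192.168.1.20 127.
hosts deny = ALL

[photos]
path = /srv/www/htdocs/album
valid users = dan
writable = yes
guest ok = no
"""

# Constructed sample: the same share with none of the restrictions.
WEAK_SMB_CONF = """
[global]
workgroup = HOME
security = share

[photos]
path = /srv/www/htdocs/album
guest ok = yes
writable = yes
"""

def _yes(value):
    return str(value).strip().lower() in ("yes", "true", "1")

def audit_smb_conf(text):
    """Return a list of findings; an empty list means none of the checks fired."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    g = cp["global"] if cp.has_section("global") else {}
    findings = []
    # An absent setting is treated as off here (assumption; check your version's default).
    if not _yes(g.get("encrypt passwords")):
        findings.append("encrypt passwords is not enabled: logins may cross the LAN in clear text")
    if not g.get("hosts allow"):
        findings.append("no hosts allow list: any machine that can reach the server may connect")
    if not (_yes(g.get("bind interfaces only")) and g.get("interfaces")):
        findings.append("smbd is not bound to the LAN interface only")
    for name in cp.sections():
        if name != "global" and _yes(cp[name].get("guest ok", cp[name].get("public"))):
            findings.append(f"share [{name}] allows guest access")
    return findings
```
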
participants (5)
- Dan Eskildsen
- Jerry Feldman
- Praise
- Thomas Jones
- Verdi March