NFS Windows/Linux

[mikebw at bilow.bilow.uu.ids.net (Mike Bilow)]

Derek Atkins wrote in a message to Mike Bilow:

 DA> The only problem is that SMB is completely insecure, cannot be 
 DA> secured, and leaves your windows machine virtually open to 
 DA> attack. NFS at least has some semblance of security, and newer 
 DA> versions of NFS will even incorporate Kerberos V5 security 
 DA> through the GSS_RPC security flavors.

 DA> If at all possible, I'd recommend you use NFS.  I'd recommend 
 DA> you _ONLY_ use SMB behind a facist firewall.  And I __HATE__ 
 DA> firewalls. 

I understood the original question to involve machines not connected to the
outside world, although your points would be valid if that were not the case.

Since NetBEUI is inherently unable to be routed, I would assume that it tends
to be fairly secure by default.  This is very different from TCPBEUI, which
obviously can cross routers.  I can't really imagine anyone running a TCP/IP
LAN without a firewall these days, and I'm not so sure that the firewall has to
be quite that fascist.

You're something of an expert on security, so I may as well ask: if the
firewall simply blocks all inbound traffic referencing ports 137, 138, and 139,
what risk is there to a TCPBEUI LAN?  Are there any legitimate reasons for
traffic from the public referencing these ports to cross a firewall?

   netbios-ns      137/tcp    NETBIOS Name Service
   netbios-ns      137/udp    NETBIOS Name Service
   netbios-dgm     138/tcp    NETBIOS Datagram Service
   netbios-dgm     138/udp    NETBIOS Datagram Service
   netbios-ssn     139/tcp    NETBIOS Session Service
   netbios-ssn     139/udp    NETBIOS Session Service
   #                          Jon Postel <postel at isi.edu>

 DA> N1NWH

I didn't know you were a ham!  Are you ever active on the Boston repeaters?
 
-- Mike, N1BEE