
BLU Discuss list archive



smbmount vs. smbclient



On Tue, 13 Mar 2007, Kristian Hermansen wrote:

> On 3/13/07, jbk <jbk at mail2.gis.net> wrote:
>> No, I don't trust all the users on my network. I trust that
>> teenagers will seek out all corners of the data base if
>> something sparks their interest. I can't predict what that
>> is and I do have sensitive personal data on the server.
>
> I don't mean to sound brash....But!!!
>
> Sensitive personal data on the SMB server?  You are aware that SMB
> sniffers can pick up that data and reconstruct it as soon as you
> transfer it right?  No authentication is needed.  Additionally,
> cracking SMB is not hard.  So maybe you will keep out the 12 year
> olds, but those teens will have it cracked in no time!

On most NFS systems, files and directories are secured through a 
combination of IP restrictions and UID restrictions based on the Unix 
permission model.

The IP restrictions are placed by the server itself.  Accessing a volume 
when you are not on the IP list is difficult.

The UID restrictions are honored (or not) by the client system.  If your 
files are owned by UID 100 which should be mapped to your user, I can read 
your files by creating a new user with uid 100 on my system.

(Note that newer NFS systems can use Kerberos for user authentication, but 
these systems are rare at this point).

On SMB file shares, access to the files is restricted to an authenticated 
user.  Yes, you can break the encryption placed on the file transfers, but 
that will only work if you have the ability to listen to all network 
traffic, which is difficult on a switched network.

On a network in which you cannot trust the users and systems, this means 
that a skilled attacker can potentially read files transferred by SMB while 
a less skilled attacker can pull ALL files from your NFS file server.

--
Greg
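
Added example, not part of Greg's message: a small audit of an /etc/exports file for the NFS weaknesses the message describes (the server trusting client-supplied UIDs under the default sec=sys, and exports with no host restriction). The sample exports text is constructed, the name audit_exports is hypothetical, and the parser assumes simple `path client(options)` entries without quoted paths or default option lists.

```python
import re

KRB_FLAVORS = {"krb5", "krb5i", "krb5p"}

# Constructed sample /etc/exports content (not taken from the thread).
SAMPLE_EXPORTS = """\
/home      192.168.1.0/24(rw,sync)
/srv/pub   *(ro,all_squash)
/srv/priv  nfsclient.example(rw,sec=krb5p)
/backup    10.0.0.5(rw,no_root_squash)
"""

def audit_exports(text):
    """Return (path, client, finding) tuples for weak export entries."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comment lines
        if not line:
            continue
        path, *tokens = line.split()
        for tok in tokens:
            m = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", tok)
            if not m:
                continue
            client = m.group(1) or "*"           # "(opts)" alone means any host
            opts = [o for o in (m.group(2) or "").split(",") if o]
            flavors = {"sys"}                    # sec=sys is the default
            for o in opts:
                if o.startswith("sec="):
                    flavors = set(o[4:].split(":"))
            if client == "*":
                findings.append((path, client, "no host restriction"))
            # With AUTH_SYS the server believes the UID the client sends,
            # unless all_squash maps every request to the anonymous user.
            if not flavors <= KRB_FLAVORS and "all_squash" not in opts:
                findings.append((path, client, "client-asserted UIDs (sec=sys)"))
            if "no_root_squash" in opts:
                findings.append((path, client, "client root is root on the export"))
    return findings

if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:10} {client:18} {finding}")
```

Entries that list only Kerberos flavors, such as /srv/priv in the sample, produce no findings.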





