smbmount vs. smbclient
gboyce
gboyce at badbelly.com
Thu Mar 15 16:44:46 EDT 2007
On Tue, 13 Mar 2007, Kristian Hermansen wrote:
> On 3/13/07, jbk <jbk at mail2.gis.net> wrote:
>> No, I don't trust all the users on my network. I trust that
>> teenagers will seek out all corners of the data base if
>> something sparks their interest. I can't predict what that
>> is and I do have sensitive personal data on the server.
>
> I don't mean to sound brash....But!!!
>
> Sensitive personal data on the SMB server? You are aware that SMB
> sniffers can pick up that data and reconstruct it as soon as you
> transfer it right? No authentication is needed. Additionally,
> cracking SMB is not hard. So maybe you will keep out the 12 year
> olds, but those teens will have it cracked in no time!

On most NFS systems files and directories are secured through a
combination of IP restrictions and UID restrictions based on the Unix
permission model.

The IP restrictions are placed by the server itself. Accessing a volume
for which you are not on the IP list is difficult.

The UID restrictions are honored (or not) by the client system. If your
files are owned by UID 100 which should be mapped to your user, I can read
your files by creating a new user with uid 100 on my system.

(Note that newer NFS systems can use Kerberos for user authentication, but
these systems are rare at this point).

On SMB file shares access to the files is restricted to an authenticated
user. Yes, you can break the encryption placed on the file transfers, but
that will only work if you have the ability to listen to all network
traffic which is difficult on a switched network.

On a network in which you cannot trust the users and systems this means
that a skilled attacker can potentially read files transferred by SMB while
a less skilled attacker can pull ALL files from your NFS file server.
--
Greg
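The NFS controls described in the message above (a server-side IP list, UIDs that the client is trusted to report, and optional Kerberos) correspond to per-client options in a Linux `/etc/exports` file. The following Python audit is an added example, not part of the original post; it assumes Linux exports(5) syntax, and the sample file contents and the `audit_exports` name are constructed for illustration.

```python
import re

# Constructed sample /etc/exports content, for illustration only.
SAMPLE_EXPORTS = """\
# path      client(options)
/home       192.168.1.0/24(rw,sync)
/srv/pub    *(ro,sync)
/srv/hr     fileclient.example.com(rw,sync,sec=krb5p)
/srv/build  10.0.0.5(rw,no_root_squash)
"""

# A client spec is "host(opt,opt,...)"; host or options may be absent.
CLIENT_RE = re.compile(r"^(?P<host>[^()\s]*)(?:\((?P<opts>[^)]*)\))?$")


def audit_exports(text):
    """Return (path, host, issue) tuples for export entries that rely on
    client-reported UIDs, lack an IP restriction, or trust client root."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients or [""]:  # a bare path is treated as world-exported
            m = CLIENT_RE.match(spec)
            if not m:
                findings.append((path, spec, "unparsed client spec"))
                continue
            host = m.group("host") or "*"
            opts = [o for o in (m.group("opts") or "").split(",") if o]
            flavors = ["sys"]  # sec=sys is the default when no sec= is given
            for o in opts:
                if o.startswith("sec="):
                    flavors = o[4:].split(":")
            if host == "*":
                findings.append((path, host, "no IP restriction"))
            if "sys" in flavors:
                findings.append((path, host, "client-asserted UIDs (sec=sys)"))
            if "no_root_squash" in opts:
                findings.append((path, host, "client root keeps root"))
    return findings


if __name__ == "__main__":
    for path, host, issue in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:12} {host:24} {issue}")
```

Only the `/srv/hr` entry, which requires a Kerberos flavor, passes without a finding; every other entry still depends on the client reporting UIDs honestly.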