True SSH and WebDAV are better options, but that's changing the topic. I'm guess since it's an "untrusted server" that someone else is administering it. So using a different protocol probably isn't an option.
As far as being less likely to draw attention from attackers than opening up SMB ports, the key here is to only open SMB ports to allow communication between the server and client. Don't just open SMB ports to the world because you need to communicate with one IP address on the other side of your firewall. That's as silly as opening all ports on a server, just because you need one open. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of James (njan) Eaton- > Lee > Sent: Thursday, March 22, 2007 1:15 PM > To: Jim Harrison > Cc: [EMAIL PROTECTED]; [email protected] > Subject: Re: Shared drives through a firewall > > > Jim Harrison wrote: > > You might consider using FTPS or SSH connections; they're relatively > > secure, depending on the server/client package you select. > > Webdav is under-promoted in these scenarios - it's built on top of a > well-understood and easily securable protocol (http), and it has great > crossplatform support. Webdav allows access either via a webdav client > that supports writing (windows explorer and gnome/nautilus both do > this, > and OSX/KDE/$desktopofchoice probably do too) or a standard http client > (ie, lynx, firefox). It supports well-understood mechanisms to encrypt > traffic (TLS/SSL) and authenticate users (http basic auth). > > It has good application layer support from a wide variety of reverse > proxy/firewall products (including ISA) designed for protecting web > traffic if you choose to expose it externally. > > It's also fairly difficult to distinguish from a regular webserver, so > it's far less likely to draw attention from attackers than opening up > SMB ports, particularly if you had a webserver running anyway. > > There's also been webdav support in IIS and in Apache for quite some > time... > > - James. > > -- > James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org > > "The universe is run by the complex interweaving of three > elements: Energy, matter, and enlightened self-interest." - G'Kar > > https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3 > --
