On Tuesday 25 February 2003 15:02, Francis Lau wrote:
> If we plan to use samba/windows's way of encrypting passwords (LanManager
> / Windows NT MD4) then we don't need a VPN. I would think that all the
> user has to do is connect by typing \\some.domain.name.ca\sharefolder
> using ports 137/139. Am I correct here? Please correct me if I am wrong.
>
> Would there be any security risks if we were to implement samba this way?
>
> Many thanks,
> Francis

1. The smb/cifs/whatever connection itself is NOT encrypted. So all the files could be read by anyone with access to a machine it crosses.
2. The encrypted passwords are weak. There is documentation that comes with releases that explains this better than I understand it.
3. Many ISPs block ports 137/139. A large number of people have filesharing available without knowing it.

Those are some thoughts off of the top of my head.

mark
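
An added example, not part of the original thread: a small audit of an smb.conf against the three risks listed in the reply. It assumes a current Samba release that supports the `smb encrypt` / `server smb encrypt`, `lanman auth` and `hosts allow` parameters; the function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample smb.conf for a share offered directly over the Internet.
SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
   lanman auth = yes
   ; smb encrypt = required

[sharefolder]
   path = /srv/share
   read only = no
"""


def parse_smb_conf(text):
    """Return {section: {param: value}}; names lower-cased, spaces collapsed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections


def audit(text):
    """Return one finding per risk from the reply that [global] leaves open."""
    g = parse_smb_conf(text).get("global", {})
    findings = []
    # Risk 1: file data is readable in transit unless encryption is enforced.
    enc = g.get("server smb encrypt", g.get("smb encrypt", "")).lower()
    if enc not in ("required", "mandatory"):
        findings.append("traffic: SMB encryption is not required")
    # Risk 2: LanManager password hashes are the weak form of authentication.
    if g.get("lanman auth", "no").lower() in ("yes", "true", "1"):
        findings.append("passwords: LanManager authentication is enabled")
    # Risk 3: simplification, only a global 'hosts allow' counts as a limit.
    if "hosts allow" not in g:
        findings.append("exposure: no 'hosts allow' restriction on clients")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```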
