[snip other stuff] > Thanks for your suggestion. I have installed openvpn and the lzo library on > which it depends. > > One nagging question that I still have is : > > Does using openvpn (or any VPN solution in general) obviate the need to open > these vulnerable ports ? The little documentation that I have read so far > talk a lot about encryption. While that is important, I also need to think > about the ports (strangely, the firewall does not open any of those ports but > nmap -P0 run on the machine reveals that these ports are open : > > 139/tcp open netbios-ssn > 445/tcp open microsoft-ds ) > > Anyways, another concern I have is that while I have the samba server up and > running and all my users are happy with it, how much disruption and user
> effort can I expect when I implement openvpn ? Like typical windows users, > they value ease of use over security. Don't take me wrong, I will definitely > implement this if it contributes towards security, but I need to know this to > be able to tell my users what to expect. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba Maybe I'm missing something, but wouldn't you want to place the VPN connections between your firewall and the mobile/end user, but not on the Samba server? I am assuming that you're not talking about the firewall on your server itself, but your firewall on the Internet/public connection. Those ports are particularly nasty because of the Windows operating system on which they typically run, not because of problems on linux. There's always the possibility of DOS attacks, or of some buffer overrun exploit being discovered, but I believe the chances of those happening are far less than your users being angry because you've tightened security to the point it's difficult to use the network. Jon Johnston Creative Business Solutions IBM, Microsoft, Novell/Suse, Sophos Consultants http://www.cbsol.com blog:http://bingo.cbsol.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
