Ha figyelmesen olvastal, akkor egyetlen javaslatodra reagaltam, hogy a fajlszervert kirakjuk az internetre.
Tovabbra sem tartom jo otletnek, s az interneten is ezt mondjak nalam okosabbak.
Raadasul szerintem a sulineten az SMB-hez szukseges portok tiltottak, de ne legyen igazam.
Senkinek se ajanlanam internetre kirakni egy a belso halora valo szolgaltatast!
Nehány megjegyzes az interneten a temaban, csak, hogy ne csak en mondjam, hogy nem jo otlet:
https://community.spiceworks.com/topic/2114184-is-smb-3-1-1-secured-over-the-internet
Even though SMB 3.1 is encrypted I still wouldn't use it over
the internet for several reasons:
1. It's a huge flag for hackers looking for SMB ports, you will
see hack attempts
2. Most companies will not allow SMB outbound so it's not going
to work in a lot of places.
If access to a file share is required, either use a VPN to
connect to the network first or something like
owncloud/nextcloud.
https://superuser.com/questions/311658/make-a-network-drive-available-over-the-internet
Also, don't forget that the Windows' SMB service has in the past
been
a very frequent infection target. While most Windows exploits do
not
affect Samba in any way, this is still worth remembering
(and often means that the SMB ports get blocked at ISP level)
https://arstechnica.com/civis/viewtopic.php?f=17&t=1435021
The big question is the impact of any vulnerabilities to SMB, of which there have been loads over the years. It's kind of Russian Roulette, because if you are fully patched it should be OK, but zero days will be able to be utilized by those scanning the internet for port 445 response and you need to be able to patch immediately.
Most consumer ISPs flat out block DST port 445, so it won't work reliably anyway.
https://www.ixsystems.com/community/threads/how-to-windows-smb-over-internet.48749/
Do not expose Samba to the Internet. Bad things will happen. You may want to consider setting up a VPN server of some kind. Plenty of OpenVPN server how-to's on this forum.
http://www.zeitoun.net/articles/samba-over-internet/start
Wow, what a bad idea! Do you really want to open a samba share
to the internet?
Why don't you try a secure shell tunnel? Much more secure.
https://security.stackexchange.com/questions/155169/is-it-risky-to-allow-smb-traffic-to-the-internet
Yes it is risky.
While I don't know about any "exploits" that may be out there in
the wild, what I do know is that anybody with the right username
and password could get access to the disk drives that are
exposed.
Presumably there is an administrator-level account on the
computer that would allow full access.
I don't believe SMB limits the speed at which someone could run
a dictionary of most-used passwords to try to get into
Administrator, but it is possible to do it slowly, even if it
does.
All in all, it seems like a bad idea to do it without first
setting up an encrypted tunnel of some kind like a VPN. Or like
SCP in Linux.
-- Udv: Molnar Peter http://www.petersoft.hu
_______________________________________________ Techinfo mailing list [email protected] Fel- és leiratkozás: http://lista.sulinet.hu/cgi-bin/mailman/listinfo/techinfo Illemtan: http://www.szag.hu/illemtan.html Ügyfélszolgálat FAQ: http://sulinet.niif.hu/
