|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Operational impact of filtering SMB/NETBIOS traffic?
How closely have you looked at Samba sources? BTW, I've done it through SSH tunnels too. The problem is that some SAs (a fair large percentage) think that a port labeled "secure" (port 22) means that they have to take special care to make sure that it is blocked (yes, they are the recently lobotomized). So, three-quarters of the time, a VPN is not do-able and you are forced to go plain-text direct. If, in addition, you block the NetBIOS ports then you block application-level access for 80% of internet users. > -----Original Message----- > From: [email protected] [mailto:[email protected]] > Sent: Sunday, November 19, 2000 8:19 AM > To: Roeland Meyer > Cc: 'Scott Call'; [email protected] > Subject: Re: Operational impact of filtering SMB/NETBIOS traffic? > > > On Sat, 18 Nov 2000 20:19:12 PST, Roeland Meyer > <[email protected]> said: > > shares on the internet? We use SMB/Samba INSTEAD of NFS > because we believe > > SMB to be more secure. smb.conf certainly gives more > security options than > > exports does. > > Don't confuse "more options" with "more security". > > A protocol can have dozens of options, but yet be > fundementally insecure. > -- > Valdis Kletnieks > Operating Systems Analyst > Virginia Tech > >
|