[WLUG] Fwd: Samba security
lanewhoy
lanewhoy at gmail.com
Tue Oct 31 19:17:42 EDT 2017
Does your new environment provide storage off of NAS appliance systems that support multiple protocols? Using a common appliance that the Windows systems see as CIFS and the linux systems see as NFS or CIFS, and the security people see as a black box may be the best way to make everyone happy
Lane Hoy
Sent via the Samsung Galaxy S7, an AT&T 4G LTE smartphone
-------- Original message --------From: Jim Irrer <irrer at umich.edu> Date: 10/30/17 12:57 (GMT-05:00) To: "Washtenaw Linux Users Group (WLUG)" <washlug at washlug.org> Subject: [WLUG] Fwd: Samba security
The input is much appreciated!
It sounds like an up to date Samba server is as secure as a Windows file server.
Next time I talk to the IT people I plan to press for details regarding their Samba security concerns.
I also thought that encrypting network traffic would be a good idea. There are a few different avenues I need check out.
Thanks,
- Jim
Jim Irrer irrer at umich.edu (734) 647-4409
University of Michigan Hospital Radiation Oncology
519 W. William St. Ann Arbor, MI 48103-4943
---------- Forwarded message ----------
From: Jeff Hanson <jhansonxi at gmail.com>
Date: Sun, Oct 29, 2017 at 2:26 PM
Subject: Re: [WLUG] Samba security
To: "Washtenaw Linux Users Group (WLUG)" <washlug at washlug.org>
I suggest using network encryption and virtual LANs to isolate unauthenticated systems. I've never did it on my last IT job years ago but was something I looked into.
On my home network I've mostly switched to sshfs with keys.
On Sun, Oct 29, 2017 at 11:13 AM, Jim Irrer <irrer at umich.edu> wrote:
I'm looking for advice and opinions. Our department is migrating our Linux servers, which are running Samba, to a centranlized server farm. On a previous conference call they said that they had security concerns about running Samba. The call discussed a lot of topics so we did not go into detail.
I have another conference scheduled with them and intend to drill into this deeper. So my question is, are there legitimate concerns in this regard? We will only be exposing Samba on UM's hospital network, and it seems like a lot of the risk could be mitigated by using firewalls to limit access to a small set of machines. It would also seem that Samba is just an implementation of Windows SMB, and if that is already being commonly used, then why pick on Samba?
Any input would be appreciated!
Thanks - Jim
--
Thanks,
- Jim
Jim Irrer irrer at umich.edu (734) 647-4409
University of Michigan Hospital Radiation Oncology
519 W. William St. Ann Arbor, MI 48103-4943
______________________________________________________
washlug mailing list washlug web site
washlug at washlug.org www.washlug.org
http://linux.marcdatabase.com/mailman/listinfo/washlug
______________________________________________________
washlug mailing list washlug web site
washlug at washlug.org www.washlug.org
http://linux.marcdatabase.com/mailman/listinfo/washlug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linux.marcdatabase.com/pipermail/washlug/attachments/20171031/60610e21/attachment-0001.html>
More information about the washlug
mailing list