<div dir="ltr"><div>I suggest using network encryption and virtual LANs to isolate unauthenticated systems. I've never did it on my last IT job years ago but was something I looked into.<br><br></div>On my home network I've mostly switched to sshfs with keys.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Oct 29, 2017 at 11:13 AM, Jim Irrer <span dir="ltr"><<a href="mailto:irrer@umich.edu" target="_blank">irrer@umich.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto">I'm looking for advice and opinions. Our department is migrating our Linux servers, which are running Samba, to a centranlized server farm. On a previous conference call they said that they had security concerns about running Samba. The call discussed a lot of topics so we did not go into detail.</div><div dir="auto"><br></div><div dir="auto">I have another conference scheduled with them and intend to drill into this deeper. So my question is, are there legitimate concerns in this regard? We will only be exposing Samba on UM's hospital network, and it seems like a lot of the risk could be mitigated by using firewalls to limit access to a small set of machines. It would also seem that Samba is just an implementation of Windows SMB, and if that is already being commonly used, then why pick on Samba?</div><div dir="auto"><br></div><div dir="auto">Any input would be appreciated!</div><div dir="auto"><br></div><div dir="auto">Thanks - Jim</div><span class="HOEnZb"><font color="#888888"><div dir="auto"><br></div><div dir="ltr">-- <br></div><div class="m_-5829826382965464601gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Thanks,<br><br>- Jim<br><br>Jim Irrer <a href="mailto:irrer@umich.edu" target="_blank">irrer@umich.edu</a> <a href="tel:(734)%20647-4409" value="+17346474409" target="_blank">(734) 647-4409</a><br>University of Michigan Hospital Radiation Oncology<br>519 W. William St. Ann Arbor, MI 48103-4943</div></div>
</font></span><br>______________________________<wbr>________________________<br>
washlug mailing list washlug web site<br>
<a href="mailto:washlug@washlug.org">washlug@washlug.org</a> <a href="http://www.washlug.org" rel="noreferrer" target="_blank">www.washlug.org</a><br>
<a href="http://linux.marcdatabase.com/mailman/listinfo/washlug" rel="noreferrer" target="_blank">http://linux.marcdatabase.com/<wbr>mailman/listinfo/washlug</a><br>
<br></blockquote></div><br></div>