<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></head><body><div>Does your new environment provide storage off of NAS appliance systems that support multiple protocols? Using a common appliance that the Windows systems see as CIFS and the linux systems see as NFS or CIFS, and the security people see as a black box may be the best way to make everyone happy</div><div><br></div><div>Lane Hoy</div><div><br></div><div><br></div><div><br></div><div id="composer_signature"><div style="font-size:85%;color:#575757" dir="auto">Sent via the Samsung Galaxy S7, an AT&T 4G LTE smartphone</div></div><div><br></div><div style="font-size:100%;color:#000000"><!-- originalMessage --><div>-------- Original message --------</div><div>From: Jim Irrer <irrer@umich.edu> </div><div>Date: 10/30/17 12:57 (GMT-05:00) </div><div>To: "Washtenaw Linux Users Group (WLUG)" <washlug@washlug.org> </div><div>Subject: [WLUG] Fwd: Samba security </div><div><br></div></div><div dir="ltr"><div>The input is much appreciated!</div><div><br></div><div>It sounds like an up to date Samba server is as secure as a Windows file server.</div><div><div><br></div>Next time I talk to the IT people I plan to press for details regarding their Samba security concerns.</div><div><br></div><div>I also thought that encrypting network traffic would be a good idea. There are a few different avenues I need check out.<br></div><br clear="all"><div><div><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Thanks,<br><br>- Jim<br><br>Jim Irrer <a href="mailto:irrer@umich.edu" target="_blank">irrer@umich.edu</a> (734) 647-4409<br>University of Michigan Hospital Radiation Oncology<br>519 W. William St. Ann Arbor, MI 48103-4943</div></div></div>
<br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Jeff Hanson</b> <span dir="ltr"><<a href="mailto:jhansonxi@gmail.com">jhansonxi@gmail.com</a>></span><br>Date: Sun, Oct 29, 2017 at 2:26 PM<br>Subject: Re: [WLUG] Samba security<br>To: "Washtenaw Linux Users Group (WLUG)" <<a href="mailto:washlug@washlug.org">washlug@washlug.org</a>><br><br><br><div dir="ltr"><div>I suggest using network encryption and virtual LANs to isolate unauthenticated systems. I've never did it on my last IT job years ago but was something I looked into.<br><br></div>On my home network I've mostly switched to sshfs with keys.<br></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On Sun, Oct 29, 2017 at 11:13 AM, Jim Irrer <span dir="ltr"><<a href="mailto:irrer@umich.edu" target="_blank">irrer@umich.edu</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="auto">I'm looking for advice and opinions. Our department is migrating our Linux servers, which are running Samba, to a centranlized server farm. On a previous conference call they said that they had security concerns about running Samba. The call discussed a lot of topics so we did not go into detail.</div><div dir="auto"><br></div><div dir="auto">I have another conference scheduled with them and intend to drill into this deeper. So my question is, are there legitimate concerns in this regard? We will only be exposing Samba on UM's hospital network, and it seems like a lot of the risk could be mitigated by using firewalls to limit access to a small set of machines. It would also seem that Samba is just an implementation of Windows SMB, and if that is already being commonly used, then why pick on Samba?</div><div dir="auto"><br></div><div dir="auto">Any input would be appreciated!</div><div dir="auto"><br></div><div dir="auto">Thanks - Jim</div><span class="m_-463118261842940476HOEnZb"><font color="#888888"><div dir="auto"><br></div><div dir="ltr">-- <br></div><div class="m_-463118261842940476m_-5829826382965464601gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Thanks,<br><br>- Jim<br><br>Jim Irrer <a href="mailto:irrer@umich.edu" target="_blank">irrer@umich.edu</a> <a href="tel:(734)%20647-4409" value="+17346474409" target="_blank">(734) 647-4409</a><br>University of Michigan Hospital Radiation Oncology<br>519 W. William St. Ann Arbor, MI 48103-4943</div></div>
</font></span><br></div></div><span class="">______________________________<wbr>________________________<br>
washlug mailing list washlug web site<br>
<a href="mailto:washlug@washlug.org" target="_blank">washlug@washlug.org</a> <a href="http://www.washlug.org" rel="noreferrer" target="_blank">www.washlug.org</a><br>
<a href="http://linux.marcdatabase.com/mailman/listinfo/washlug" rel="noreferrer" target="_blank">http://linux.marcdatabase.com/<wbr>mailman/listinfo/washlug</a><br>
<br></span></blockquote></div><br></div>
<br>______________________________<wbr>________________________<br>
washlug mailing list washlug web site<br>
<a href="mailto:washlug@washlug.org">washlug@washlug.org</a> <a href="http://www.washlug.org" rel="noreferrer" target="_blank">www.washlug.org</a><br>
<a href="http://linux.marcdatabase.com/mailman/listinfo/washlug" rel="noreferrer" target="_blank">http://linux.marcdatabase.com/<wbr>mailman/listinfo/washlug</a><br>
<br></div><br></div></div></div>
</body></html>