[plug] Samba query
Leon Brooks
leon at brooks.smileys.net
Wed Sep 20 16:29:25 WST 2000
Oliver White wrote:
> A friend of mine had a query about samba, which I said I'd ask for him.
> <IRC>
> <|kimba|> basically .. need to know how it intergrates between NT
> and Unix .. and if it provides the security model between the too .. or
> if the security still falls back to the unix ?
> </IRC>
Samba can operate at the wire-and-packets level with several different Windows
"security" models. None of which, it is important to note, are terribly secure.
http://www.l0pht.com/ for example, has excellent sniffing/cracking tools for SMB
(the normal Windows networking system) and PPTP (the normal Windows VPN system).
Given that all it takes for one of these tools to swing into action is for a
Windows client to read the wrong email or visit the wrong website, a network in
which a Windows machine (or protocol) participates is difficult to consider as
secure, although if for some insane reason you were to set up a SaMBa-only SMB
network, it would be slightly easier to protect.
A SaMBa server stores files on disk using the simple and powerful three-level
Unix security model. Even if the files are stored on an NTFS
partition/floppy/CD, this is still so to some extent. This is different to
Windows, which uses no security model at all (95/98/ME) or an ACL-based model
(NT/2000). It is fairly simple to map ACLs and Unix users/groups in parallel,
thus maintaining identical-in-effect security models on all systems. ACLs are
generally more difficult to maintain than the three-level security system.
Will the channel kick you if you paste that many words into it?
--
The use of COBOL cripples the mind; its teaching should, therefore,
be regarded as a criminal offense.
-- E. W. Dijkstra
More information about the plug
mailing list