Re: [SLE] Duelling SAMBAs
From: Joaquin Menchaca (linuxuser_at_finnovative.net)
Date: Thu, 06 Jan 2005 11:11:49 -0800 To: email@example.com
Örn Einar Hansen wrote:
>Şann Şriğjudagur 04 janúar 2005 18:36 skrifaği Joaquin Menchaca:
>>Lastly, SAMBA requires authentication, while NFS does not. You have to
>>map SMB-style accounts to UNIX accounts, which can be cumbersome, but
>>does provide a level of security. However, NFS requires the UID to
>>match, but doesn't do any sort of authentication. This can be considered
>>rather dangerous, as a hacker can find the UIDs and get access to the
> True, for the most part ... there is something called NIS that works in
>coherence with NFS. Point is, if you have two, or more, Linux or Unix
>machines, that already handle authendication adequately. You are likely to
>want a "common" userbase, for ease of administration. I see no reason to add
>more authendication protocols to that, unless the system is volatile and the
>network is insecure ... but I'm not running the pentagon at home.
>My 2¢ worth,
NIS has very weak security. For that reason, it is never used by any
companies that have any slight concern over security. You'd be amazed
how resource hackers can be once they find a way to worm into your
network. However, it is doubtful that the general hacker would bother
with household systems, rather than high profile prestige places. If
one did, it'd probaly be to zombie machines for a coordinated DoS attack
against something like SCO.
For my network, due to my Linksys problems with Wi-Fi security, I avoid
opening up any computer, as unknown neighbors can have fun. So, all of
my computers (about a half-score of them) are firewalled, in addition to
the main firewall. I'm now setting up a permiter network and a private
network, so I won't have to worry as much.
ps - speaking of which, any good how-tos to turn Linux into a WAP? Is
there support for WPA and using RADIUS authentication for WPA?
-- Check the headers for your unsubscription address For additional commands send e-mail to firstname.lastname@example.org Also check the archives at http://lists.suse.com Please read the FAQs: email@example.com