Is SMB windows 7 secure?

A

alexfmos2016-05-31 23:38:19

Computer networks

alexfmos, 2016-05-31 23:38:19

I wanted to share with myself, accessing my home computer (win7) from work or somewhere else. For a long time I used and continue to use the built-in VPN in teamviewer. There the scheme is as follows, we create a VPN connection, after which we go to the shared folders. The downside, just upping this VPN connection every time. Then it suddenly dawned on me that folders can be shared not only in LAN, but also over the Internet. Actually, all that was required for this was to add a couple of rules in the Windows firewall, and port forwarding in the router. There is a static ip. Everything works, everything is fine. But then I began to climb on the Internet, about the security of all this, and here and there, they write that samba on the Internet is opened by absolutely desperate and crazy people, something terrible awaits everyone and everyone who does it. But what exactly, I did not understand, and did not find.Is it true that someone is sitting on the Internet, and waiting for someone to open access via samba and start copying a file called "bank_card_and_pincode.txt" in order to intercept it?
Can someone explain to me why the option of sharing via smb access on windows 7 x64 is bad. Access is given to only one admin with a password. And in general, what are the disadvantages, and analogues, if you need to access files through the explorer or total commander. How to do this without running any software before each call.
By the way, I’ll add that my company, which is quite large, provides access to work files to all employees in general, in the same way, via smb, but it’s true there, it’s raised using NAS, which means, most likely, on Linux.

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

R

res2001, 2016-06-01
@alexfmos

In your case, VPN is needed, IMHO.
Teamviewer is still a third party, it would be better to do without it.
You can raise IPSec or OpenVPN to organize VPN. IPSec is built-in in Windows, though the setting is crap. In this regard, OpenVPN is much simpler. You can configure both options so that the VPN automatically rises.

S

Saboteur, 2016-06-01
@saboteur_kiev

Yes, in principle, no one bothers you. True, samba is not the best (productive) way for the Internet. It takes a long time to read catalogs.
I would recommend raising ftps under Windows with some kind of cerebrus ftp thread or something else

N

none7, 2016-06-01
@none7

Yes, it is not necessary to copy the file with the name "bank_card_and_pincode.txt" . After all, you are probably not using anonymous access, and having the ability for MITM to intercept the session will not be difficult. An authorized user can get into the hidden \\host\c$ directories and get remote access to the registry, not to mention RDP. Everything can end with the launch of a worm. So, without encryption, driving SMB traffic over the Internet is really not worth it and setting weak passwords on a machine open to the Internet is also not worth it.

K

Karmashkin, 2016-06-01
@Karmashkin

there is an opinion that:
1. samba does not work well if there are packet losses.
2. passwords are caught under certain conditions.
use better sftp or demonic webdav :)