1

Suppose I have several machines both Linux and Windows I want to connect to each other for file-sharing. Now I use mount -cifs command with vers=3.0 clause to access Windows shares from my Linux machines

mount -t cifs -o credentials=/etc/credentials.cred,vers=3.0,uid=1000,gid=1000 //192.168.137.1/folder /media/folder

and I also use standard Windows SMB/CIFS functionality to access Linux shares from Windows 10. What bothers me is the efficiency of such configuration.

I know that I can utilize encryption and signing in Windows, e.g. via Set-SmbServerConfiguration –RejectUnencryptedAccess $false, and I also know I can do this in Linux via smb.conf.

The question is: what is the most secure way to organize dual-way Samba sharing between Linux and Windows? Should I set up Linux as a server and Windows as client or vice versa?

It bothers me because of recent ransomware epidemic and impossibility to prohibit SMBv1 in Windows in such mixed heterogeneous landscape. When I turn off SMB/CIFS like this, my Linux boxes cannot access Windows boxes anymore.

Suncatcher
  • 282
  • 2
  • 13
  • While malware often spreads using vulnerabilities as a vector, it can also spread (and damage data) via authorized access. Your biggest win comes from keeping your patches up to date. Regarding your choice of technologies, a key factor is the availability of skills to setup your systems securely. If you already have have both these covered (prevention), then maybe you should consider directing your efforts towards detection and isolation? – symcbean Jul 07 '17 at 23:22
  • @symcbean, of course I am aware that ransomware can spread via authorized connections, that's why I want to enable signing and encryption. The question is what configuration is treated as most reliable/secure by gurus: Windows (client) >> Linux (server) or Linux (client) >> Windows (server)? – Suncatcher Jul 08 '17 at 06:51
  • Isolation/detection is the next step of my security roadmap :) – Suncatcher Jul 08 '17 at 06:52

0 Answers0