Re: Do I need these ports open?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tim wrote:
On Fri, 2007-04-20 at 11:13 +1000, Simon Slater wrote:
shouldn't the samba and nfs ports be also open to others on the LAN?

Only if you want them to be, not by default.  There's plenty of computer
systems which don't do any sort of file sharing between them.

Right - and if they are going to do moving files around, they do it encrypted over ssh one way or another. If you have decided to defeat the external firewall completely, exposing all those ports, that is not a good situation security-wise (although IIRC this is one of the reasons I decided never to use NFS).

It's a bit of a false comfort to consider the local network any safer than the WAN side... if an attacker has gained control of a machine on the LAN then attacks and monitoring from inside the LAN can be expected. So PCs on the LAN should not trust another box on the LAN any more than they trust a random box from another country.

In the same vein, if you are using strongly encrypted wireless networks... it's encrypted alright from the outside, but all your traffic and connections are totally visible to any other boxes inside your network that have the same key, and typically there are indeed other local boxes using the wireless network too. An attacker who has owned a box that authenticates to your wireless network, or nosy person with legit access can sniff everything you do from your box unencrypted despite the use of strong encryption on the network, making it important to use ssh tunnels or some other encryption that only you have the key for.

-Andy


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux