Ten Practical Security Steps
Protect Disk Shares

6. Do not allow any file system sharing protocols such as NFS, Netbios (SMB or Samba) or AppleShare in from or out to the Internet.

Firewalls discussed previously are the prime tool for accomplishing this. In many environments, some of these services are essential on the LAN and cannot be turned off but the firewall can and should keep them on your LAN.

If it is essential that you use one or more of these protocols with remote sites and you don't have dedicated WAN connections, then you must use Virtual Private Network (VPN) technology. Get a knowledgeable security expert to set this up. Also be sure that any and all remote ends use firewall technology with rule sets comparable to yours. If they don't, then your VPN will become an intruder's highway right to your drives. All it does is add a few IP hops between them and you.

Top of Page - Site Map

Copyright © 2000 - 2006 by George Shaffer. This material may be distributed only subject to the terms and conditions set forth on http://GeodSoft.com/terms.htm. These terms are subject to change. Distribution is subject to the then current terms, or at the choice of the distributor, those defined in a verifiably dated printout or electronic copy of http://GeodSoft.com/terms.htm at the time of the distribution. Distribution of substantively modified versions of GeodSoft content is prohibited without the explicit permission of George Shaffer. Distribution of the work or derivatives of the work, in whole or in part, for commercial purposes is prohibited unless prior permission is obtained from George Shaffer. Distribution in accordance with these terms, for private, unrestricted and uncompensated public access, non profit, or internal company use is allowed.