Middlebury

Insecure Protocols

Microsoft Windows File Sharing

Microsoft Windows File Sharing (i.e. Mapped Drives and Shared Folders) is also known as CIFS and samba (SMB)

Recent versions of Samba/CIFS require a strong password to connect to a file, folder or a printer. However, communication that happens after the connection is established is not encrypted. Thus, data transferred (e.g. copying a file to a network drive, printing a document to a network printer) through shared folders and mapped drives is NOT encrypted.

Ways to fix this:

  • encrypt the files themselves via Microsoft's Encryption (but this denies access to other OSs)
  • place the files into an encrypted container:
    Weak options: password protected zip file, password protected archive (zip, etc)
    Strong options: TrueCrypt encrypted container
  • do not encrypt the files, instead encrypt the communication link via IPSEC
Powered by MediaWiki