Re: how secure are password protected shares?
- From: "funkyj" <funkyj@xxxxxxxxx>
- Date: 13 Dec 2005 09:37:29 -0800
>> That's a question for Western Digital.
> Actually, that is only part of the equation.
Neteng: Presumably the WD-NetCenter product is sharing files using the
SMB or CIFS protocol from Microsoft (I'll follow up on the question
with WD). My question is "what vulnerabilities are there in the SMB or
CIFS protocols with regards to password protected shares". SMB/CIFS
being secure against eavesdropping and man-in-the-middle attacks is a
necessary (but not sufficient) requirement for password protected
shares to be secure.
> Thus, to achieve any security you need to access the device in such a
> way that the password isn't stored on the local computer.
Ian: While it is less than ideal, I am willing to accept this weakness.
If a hacker cracks my laptop of home PC then I'm screwed anyways
(IMO). My real world scenario is this:
I connect the WD-Netcenter to a open 802.11b wireless LAN. Can a
passerby or neighbor crack the SMB/CIFS (or what ever protocol
WD-NetCenter is using) if she is unable to compromise any of the
computers on my WLAN that access password shares.
To make an analogy, are "password protected shares" in SMB like WEP
(i.e. security is a joke with regards to eavesdropping attacks) or like
WPA2 (security is decent with regards to eavesdropping attacks)?
Thank you for your comments,