Suppose I have several machines both Linux and Windows I want to connect to each other for file-sharing. Now I use mount -cifs command with vers=3.0
clause to access Windows shares from my Linux machines
mount -t cifs -o credentials=/etc/credentials.cred,vers=3.0,uid=1000,gid=1000 //192.168.137.1/folder /media/folder
and I also use standard Windows SMB/CIFS functionality to access Linux shares from Windows 10. What bothers me is the efficiency of such configuration.
I know that I can utilize encryption and signing in Windows, e.g. via Set-SmbServerConfiguration –RejectUnencryptedAccess $false
, and I also know I can do this in Linux via smb.conf.
The question is: what is the most secure way to organize dual-way Samba sharing between Linux and Windows? Should I set up Linux as a server and Windows as client or vice versa?
It bothers me because of recent ransomware epidemic and impossibility to prohibit SMBv1 in Windows in such mixed heterogeneous landscape. When I turn off SMB/CIFS like this, my Linux boxes cannot access Windows boxes anymore.
Continue reading SMB/CIFS security in heterogeneous environment→