|
|
Hello:
I'm trying to find some information on CIFS and RPC security. From what I've
been able to find, it looks like the implementation of CIFS in a Windows
XP/Windows Server 2003 network does encrypt the user authentication process
by default.
Would the default settings for those two OSes also encrypt the entire CIFS
session? My concern is that the data transferred from a file share could be
sniffed.
What about RPC when used for something like remote computer management? From
what I've been able to find, a Windows XP/Windows Server 2003 network does
encrypt the user authentication process for RPC. As with CIFS, I'm wondering
if the rest of the RPC traffic is encrypted by default.
I've been Googling for this info and I haven't found anything conclusive
that states that yes, by default, all CIFS and RPC traffic (authentication
and data) is encrypted in a Windows XP/Windows Server 2003 network.
If you have any links to references that can provide more info on these
topics, that would be great.
--
Thank you,
Mel K.
MCSA: M
|
|
"Mel K." <Mel.K[ at ]nowhere.com> wrote in message
news:ectchnvXJHA.5388[ at ]TK2MSFTNGP05.phx.gbl...
[Quoted Text] > Hello:
>
>
>
> I'm trying to find some information on CIFS and RPC security. From what
> I've been able to find, it looks like the implementation of CIFS in a
> Windows XP/Windows Server 2003 network does encrypt the user
> authentication process by default.
>
>
>
> Would the default settings for those two OSes also encrypt the entire CIFS
> session? My concern is that the data transferred from a file share could
> be sniffed.
>
>
>
> What about RPC when used for something like remote computer management?
> From what I've been able to find, a Windows XP/Windows Server 2003 network
> does encrypt the user authentication process for RPC. As with CIFS, I'm
> wondering if the rest of the RPC traffic is encrypted by default.
>
>
>
> I've been Googling for this info and I haven't found anything conclusive
> that states that yes, by default, all CIFS and RPC traffic (authentication
> and data) is encrypted in a Windows XP/Windows Server 2003 network.
>
>
>
> If you have any links to references that can provide more info on these
> topics, that would be great.
>
>
> --
> Thank you,
> Mel K.
> MCSA: M
Hi,
Regarding CIFS authentication, there're 2 cases: Kerberos and NTLM. In case
of Kerberos, even user's login name is encrypted. In case of NTLM, user's
login name isn't encrypted, however user password or even password hash is
never sent on the wire. By default, Win2K/Win2K3 network uses Kerberos. But
NTLM is still used in some cases, like when connecting to share by
ipaddress. For example, if fileserver MyServer has IP address
192.168.123.110 and user (on some XP client machine) types:
\\192.168.123.110\MyShare - from Run menu, then NTLM will be used. But if
user types: \\MyServer\MyShare - then Kerberos will be used.
Regarding CIFS traffic, it's not encrypted.
Regarding RPC traffic, it isn't encrypted by default (btw, CIFS is just one
of several RPC transports). Some RPC protocols (e.g. DCOM) can encrypt their
traffic.
You can have (all) traffic encrypted by configuring IPSEC (it's included
with Windows).
Sorry, I don't know of links of the top of my head.
Boris
|
|
Boris:
Thanks for the reply.
--
Thank you,
Mel K.
MCSA: M
"Boris" <spamno[ at ]nospam.net> wrote in message
news:494a8800$0$1614$742ec2ed[ at ]news.sonic.net...
[Quoted Text] >
> "Mel K." <Mel.K[ at ]nowhere.com> wrote in message
> news:ectchnvXJHA.5388[ at ]TK2MSFTNGP05.phx.gbl...
>> Hello:
>>
>>
>>
>> I'm trying to find some information on CIFS and RPC security. From what
>> I've been able to find, it looks like the implementation of CIFS in a
>> Windows XP/Windows Server 2003 network does encrypt the user
>> authentication process by default.
>>
>>
>>
>> Would the default settings for those two OSes also encrypt the entire
>> CIFS session? My concern is that the data transferred from a file share
>> could be sniffed.
>>
>>
>>
>> What about RPC when used for something like remote computer management?
>> From what I've been able to find, a Windows XP/Windows Server 2003
>> network does encrypt the user authentication process for RPC. As with
>> CIFS, I'm wondering if the rest of the RPC traffic is encrypted by
>> default.
>>
>>
>>
>> I've been Googling for this info and I haven't found anything conclusive
>> that states that yes, by default, all CIFS and RPC traffic
>> (authentication and data) is encrypted in a Windows XP/Windows Server
>> 2003 network.
>>
>>
>>
>> If you have any links to references that can provide more info on these
>> topics, that would be great.
>>
>>
>> --
>> Thank you,
>> Mel K.
>> MCSA: M
> Hi,
>
> Regarding CIFS authentication, there're 2 cases: Kerberos and NTLM. In
> case of Kerberos, even user's login name is encrypted. In case of NTLM,
> user's login name isn't encrypted, however user password or even password
> hash is never sent on the wire. By default, Win2K/Win2K3 network uses
> Kerberos. But NTLM is still used in some cases, like when connecting to
> share by ipaddress. For example, if fileserver MyServer has IP address
> 192.168.123.110 and user (on some XP client machine) types:
> \\192.168.123.110\MyShare - from Run menu, then NTLM will be used. But if
> user types: \\MyServer\MyShare - then Kerberos will be used.
> Regarding CIFS traffic, it's not encrypted.
> Regarding RPC traffic, it isn't encrypted by default (btw, CIFS is just
> one of several RPC transports). Some RPC protocols (e.g. DCOM) can encrypt
> their traffic.
>
> You can have (all) traffic encrypted by configuring IPSEC (it's included
> with Windows).
>
> Sorry, I don't know of links of the top of my head.
>
> Boris
|
|
|