Linux – What exactly is insecure about Samba access over the Internet

linux, networking, samba, server-message-block, windows

I have a folder on a Linux server that I need to share with a number of different clients all over the country. Some requirements:

  1. The folder needs to be mountable as an ordinary network drive in Windows
  2. The system should not require a great deal of configuration on the clients' side
  3. The share needs to be available at all times

The first thing that came to mind was using Samba over the Internet. However, having researched this a bit, everyone keeps advising against using Samba over the Internet, instead recommending alternatives such as SSHFS or an SFTP server, which fail one or both of my first two requirements.

The final alternative that I've seen suggested is setting up a VPN server and making clients connect through VPN to get access to the Samba share. However, using VPN either channels all network traffic through my VPN server, or forces the user to connect to the VPN server only when they want to access the share, which fails requirement 3 and also makes the share difficult to use for non-technical users.

This takes me right back to the start — what exactly is so insecure or otherwise bad about exposing Samba to the Internet, given a good firewall, an IP whitelist in the Samba configuration, and encrypted network transport in Samba?

Best Answer

The SMB protocol allows for unencrypted data transfer once authentication is complete and connections are established. Anyone snooping the wires can intercept the data being transferred back and forth via your share(s).

If you have encrypted transports for your network shares, though, that is mitigated.
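As an added example that is not part of the question or the answer above: the three mitigations the question lists (firewall, IP whitelist in the Samba configuration, encrypted transport) all map to concrete smb.conf parameters, and it is easy to end up with a configuration that has only some of them. The script below embeds two constructed smb.conf fragments, one with Samba's permissive defaults and one hardened for an Internet-facing server, and audits the parsed settings for the points the answer raises: SMB3 transport encryption enforced rather than merely offered, no pre-SMB3 sessions, mandatory signing, a `hosts allow` whitelist, and no guest access. The parser, the `audit` function and both configs are my own illustration, not Samba's tooling; the parameter names (`smb encrypt`, `server min protocol`, `server signing`, `hosts allow`, `map to guest`, `guest ok`) are real smb.conf parameters.

```python
"""Audit an smb.conf for the settings that matter when smbd is reachable
from the Internet: enforced encryption, protocol floor, signing, source
address whitelist and guest access. Illustrative code, not part of Samba."""

from typing import Dict, List

# Constructed example: Samba's defaults plus a guest-readable share.
WEAK_CONF = """
[global]
   workgroup = WORKGROUP
   server role = standalone server
   map to guest = Bad User

[public]
   path = /srv/share
   guest ok = yes
   read only = no
"""

# Constructed example: the same server hardened for Internet exposure.
HARDENED_CONF = """
[global]
   workgroup = WORKGROUP
   server role = standalone server
   # SMB1 cannot encrypt and SMB2 has no session encryption: insist on SMB3.
   server min protocol = SMB3
   # Encrypt every session; clients that cannot encrypt are refused.
   smb encrypt = required
   server signing = mandatory
   # Only the clients' known addresses may get past the TCP accept.
   hosts allow = 203.0.113.10 198.51.100.0/24
   hosts deny = ALL
   map to guest = Never

[share]
   path = /srv/share
   guest ok = no
   read only = no
   valid users = @smbusers
"""


def parse_smb_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal smb.conf parser: [section] headers and 'key = value' lines.
    Keys are lower-cased; '#' and ';' comment lines are skipped."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        sections[current][key.strip().lower()] = value.strip()
    return sections


def audit(text: str) -> List[str]:
    """Return one finding per weak or missing setting; an empty list is clean."""
    conf = parse_smb_conf(text)
    g = conf.get("global", {})
    findings: List[str] = []

    # Samba 4.15 renamed 'smb encrypt' to 'server smb encrypt'; accept either.
    enc = (g.get("server smb encrypt") or g.get("smb encrypt") or "default").lower()
    if enc != "required":
        findings.append(f"[global] smb encrypt = {enc}: transport encryption is not enforced")

    proto = g.get("server min protocol", "").upper()
    if not proto.startswith("SMB3"):
        findings.append(f"[global] server min protocol = {proto or '(default)'}: "
                        "sessions below SMB3 are still accepted")

    if g.get("server signing", "default").lower() != "mandatory":
        findings.append("[global] server signing is not mandatory")

    if "hosts allow" not in g:
        findings.append("[global] hosts allow is unset: any source address may try to authenticate")

    if g.get("map to guest", "never").lower() != "never":
        findings.append(f"[global] map to guest = {g['map to guest']}: "
                        "failed logins are downgraded to guest sessions")

    for name, share in conf.items():
        if name == "global":
            continue
        if share.get("guest ok", "no").lower() in ("yes", "true", "1"):
            findings.append(f"[{name}] guest ok = yes: share is reachable without credentials")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{label}: {len(audit(conf))} finding(s)")
        for f in audit(conf):
            print("  " + f)
```

Two caveats belong next to this. `hosts allow` is evaluated by smbd after the TCP connection has been accepted, so it complements a packet filter on port 445 rather than replacing one, and it only helps clients with stable source addresses. `smb encrypt = required` together with `server min protocol = SMB3` means that clients without SMB3 encryption support are refused outright, so check the oldest client you must serve before deploying it. Run `testparm -s` against the real file afterwards: it reports unknown parameters and synonyms, which this simplistic parser does not.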