Specifications
Chapter 1 Understanding File Services 15
Protocol Security Comparison
When sharing network resources, congure your server to provide the necessary
security.
AFP and SMB provide some level of encryption to secure password authentication.
AFP and SMB do not encrypt data transmissions over the network so you should only
use it on a securely congured network.
FTP does not provide password or data encryption. When using this protocol,
make sure your network is securely congured. Instead of using FTP, consider using
the scp or sftp command-line tools. These tools securely authenticate and
securely transfer les.
The following table provides a comparison of the protocols and their authentication
and encryption capabilities.
Protocol Authentication Data Encryption
AFP Cleartext and encrypted
(Kerberos) passwords.
Not encrypted. Data is visible
during transmission.
NFS Encrypted (Kerberos) password
and system authentication.
Can be congured to encrypt all
data transmission.
SMB Cleartext and encrypted (NTLM
v1, NTLM v2, LAN Manager, and
Kerberos) passwords.
Not encrypted. Data is visible
during transmission.
FTP All passwords are sent as
cleartext. No encryption.
Not Encrypted. Data is sent as
cleartext.
Protocol Comparison
When sharing network resources, you might have more than one service turned on,
depending on the platforms that require access to these resources. The following table
describes which service protocols are supported for each platform.
Protocol Platform Default Ports
AFP Mac OS X and Mac OS X Server 548
SMB Mac OS X, Mac OS X Server,
Windows, UNIX, and Linux
137, 138, and 139
FTP Mac OS X, Mac OS X Server,
Windows, UNIX, and Linux
21
NFS Mac OS X, Mac OS X Server,
Windows, UNIX, and Linux
2049