HP CIFS Server 3.0a Administrator's Guide version A.02.01

Securing HP CIFS Server
Security Protection Methods
Chapter 12
Using Interface Protection
By default, the HP CIFS Server accepts connections on any network
interface that it finds on your system. That means if you have an ISDN
line or a PPP connection to the Internet, then the HP CIFS Server can
accept connections on those links. You can use the interface
configuration options to change this behavior.
Interface Protection Example
For example, you can change the interface behavior using the following
options:
interfaces = lan* lo0
bind interfaces only = yes
In the above example, the HP CIFS Server only listens for connections on
interfaces with a name starting with lan, such as lan0 and lan1, plus
the loopback interface called lo0. The interface names you need to use
depend on what OS you are using. If you bind to the LAN interfaces in
this way and someone tries to make an SMB connection to your host over a
PPP interface called ‘ppp0’, he or she gets a TCP connection refused reply.
Using a Firewall
You can use a firewall to deny access to services that you do not want
exposed outside your network. This can be a very good protection
method, although the methods mentioned above can also be used in case
the firewall is not active for some reason.
When you set up a firewall, you need to know which TCP and UDP ports
to allow. The HP CIFS Server uses the following ports:
UDP/137 - used by nmbd
UDP/138 - used by nmbd
TCP/139 - used by smbd
TCP/445 - used by smbd
Port 445 is important because many older firewall setups may not
account for it: this port was only added to the protocol in recent
years.
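To confirm that the interface binding and the port list above are what the host actually exposes, the following added example (not part of the HP guide) reports smbd TCP listeners bound to any address outside an allow list. It assumes `netstat -an` output with the local address in column 4 in addr.port form; the function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: report smbd TCP listeners bound outside an allow list.
# Reads `netstat -an`-style lines on stdin. Assumption: the local address
# is column 4 in addr.port form, e.g. "*.445" or "192.0.2.10.139".

SMBD_PORTS="139 445"    # the smbd ports from the list above

# usage: netstat -an | audit_smb_listeners ADDR [ADDR ...]
audit_smb_listeners() {
    awk -v ports="$SMBD_PORTS" -v allowed="$*" '
    BEGIN {
        n = split(ports, p, " ");   for (i = 1; i <= n; i++) is_smb[p[i]] = 1
        n = split(allowed, a, " "); for (i = 1; i <= n; i++) is_ok[a[i]] = 1
    }
    # Only listening TCP sockets matter; established sessions are skipped.
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        laddr = $4
        if (!match(laddr, /\.[0-9]+$/)) next      # no trailing .port
        addr = substr(laddr, 1, RSTART - 1)       # text before the last dot
        port = substr(laddr, RSTART + 1)          # digits after the last dot
        if (!(port in is_smb) || (addr in is_ok)) next
        why = (addr == "*") ? "all interfaces" : "address not in allow list"
        printf "TCP/%s bound to %s (%s)\n", port, addr, why
    }'
}

# Constructed sample input. Assumed addresses: lan0 = 192.0.2.10,
# lo0 = 127.0.0.1, ppp0 = 198.51.100.7.
sample_netstat() {
    cat <<'EOF'
tcp        0      0  127.0.0.1.139          *.*                    LISTEN
tcp        0      0  192.0.2.10.139         *.*                    LISTEN
tcp        0      0  192.0.2.10.445         *.*                    LISTEN
tcp        0      0  *.445                  *.*                    LISTEN
tcp        0      0  198.51.100.7.139       *.*                    LISTEN
tcp        0      0  *.22                   *.*                    LISTEN
tcp        0      0  192.0.2.10.445         192.0.2.55.49152       ESTABLISHED
udp        0      0  *.137                  *.*
EOF
}

# Allow only the loopback and lan0 addresses; two findings are reported.
sample_netstat | audit_smb_listeners 127.0.0.1 192.0.2.10
```

UDP 137 and 138 are left out of this check because Samba's nmbd keeps a wildcard socket for reading broadcasts even when it is bound to specific interfaces.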
Using an IPC$ Share-Based Denial
You can also use a more specific deny on the IPC$ share. This allows you
to offer access to other shares while denying access to the IPC$ share from
potentially untrustworthy hosts.