HP CIFS Server 3.0d Administrator's Guide version A.02.02 (Edition 5)

Securing HP CIFS Server
Security Protection Methods
HP CIFS Server provides a flexible approach to network security and
implements the protocols to support more secure Microsoft Windows file
and print services.
You can secure HP CIFS Server from connections that originate from
outside the local network by using host-based protection. You can
also use interface-based exclusion, so that SMBD binds only to
specifically permitted interfaces. It is also possible to set specific share or
resource-based exclusions: for example, you can set a specific denial on
the IPC$ share.
You can also set access control entries (ACEs) in an access control list
(ACL) on the shares to secure the HP CIFS Server.
Restricting Network Access
You can use host-based restrictions, interface-based protection, a
firewall, or IPC$ share-based denials to restrict network access and
secure your HP CIFS Server. This section describes how to configure
and use these protection methods.
Using Host Restrictions
In many installations, the threat to server security comes from outside
the immediate network. By default, the HP CIFS Server accepts
connections from any host, so you might want to set the hosts allow
and hosts deny options in the smb.conf configuration file to only allow
access to your server from a specific range of hosts.
An Example
The following configuration example allows SMB connections only from
’localhost’ (your own computer) and from the two private networks,
192.168.2 and 192.168.3. All other connections are refused as soon as
the client sends its first packet. The refusal message is displayed as a
"not listening on called name" error:
hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24
hosts deny = 0.0.0.0/0
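
The following Python example is added here and is not part of the HP guide or of HP CIFS Server. It evaluates the two lines above against constructed client addresses, assuming that a hosts allow match takes precedence over hosts deny, as the Samba smb.conf documentation states for these options; the function names and sample addresses are illustrative.

```python
import ipaddress

# Constructed input: the two lines from the example above, placed in [global].
SMB_CONF = """\
[global]
    hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24
    hosts deny = 0.0.0.0/0
"""

def parse_host_lists(conf_text):
    """Collect the hosts allow / hosts deny entries as ip_network objects."""
    lists = {"hosts allow": [], "hosts deny": []}
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        key = " ".join(key.lower().split())  # parameter names are case-insensitive
        if sep and key in lists:
            # Only address and address/mask entries are handled; a hostname
            # or an EXCEPT clause raises ValueError instead of being guessed at.
            lists[key] = [ipaddress.ip_network(tok, strict=False)
                          for tok in value.replace(",", " ").split()]
    return lists

def is_allowed(client, lists):
    """Assumed precedence: a hosts allow match wins over hosts deny."""
    addr = ipaddress.ip_address(client)
    allow, deny = lists["hosts allow"], lists["hosts deny"]
    if any(addr in net for net in allow):
        return True
    if any(addr in net for net in deny):
        return False
    # No match in either list: an allow list with no deny list admits only
    # its own members; every other combination lets the client through.
    return not allow or bool(deny)

def audit(clients, conf_text=SMB_CONF):
    """Map each client address to True (accepted) or False (refused)."""
    lists = parse_host_lists(conf_text)
    return {c: is_allowed(c, lists) for c in clients}

if __name__ == "__main__":
    # Constructed client addresses, including the edges of the allowed ranges.
    for client, ok in audit(["127.0.0.1", "192.168.2.17", "192.168.3.255",
                             "192.168.4.1", "10.0.0.5"]).items():
        print(f"{client:15} {'accepted' if ok else 'refused'}")
```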