Hi,
Peter Guhl Listenempfänger wrote:
That's incomming traffic, I guess. Blocking that is a good idea.
True. I don't know Cablecom's network structure but I think blocking outgoing traffic will deny you to connect any other share, too (since you're not able to open a CIFS connection).
Blocking outgoing smb is not entirely pointless too since it stops scans for open shares at the source. I agree with you that it's better to use CIFS in a tunnel since it's everything else but secure.
The users I have on my network are only allowed to access the really required ports. Direct SMTP and other funny things as well as SMB/CIFS is blocked by the firewall. As for MSN (ieck!) I only allow the chat-protocol - downloads are blocked.
I really don't want them to open up shares over the internet especially since they really have no clue what they're doing (if they weren't my neighbours they'd probably use AOL).
If they use VPN, however, this is not blocked in any way.
CU Tobias