There are three levels at which security principles must be observed in order to render a site
at least moderately secure. They are the perimeter firewall, the configuration of the host
server that is running Samba, and Samba itself.
Samba permits a most flexible approach to network security. As far as possible Samba implements
the latest protocols to permit more secure MS Windows file and print operations.
Samba can be secured from connections that originate from outside the local network. This can be done using
, using Samba's implementation of a technology known as
“tcpwrappers,” or it may be done be using
smbd will bind only to specifically permitted interfaces. It is also possible to set specific share- or
resource-based exclusions, for example, on the
share is used for browsing purposes as well as to establish TCP/IP connections.
Another method by which Samba may be secured is by setting Access Control Entries (ACEs) in an Access
Control List (ACL) on the shares themselves. This is discussed in
File, Directory, and Share Access Controls.