How save is SMB3 Encryption ?

Question

How save is SMB3 Encryption ?

I was researching the SMB3 Encryption option under Server 4.0.

I was wondering how save is this ? When i open port 445 in my router to acces my SMB share outside the network ?

Without encryption i did see some information, like path of folders. With encryption there was nothing readable in my package capture.

Is there a way to sniff out my login and password ?

Is there a way to sniff out information inside documents that i open ?

If this is save than a VPN is not necessary anymore for file-sharing.

Mac mini, OS X Server, Server 4.x

Posted on Jan 26, 2015 11:22 AM

Reply

Answer 1

Jan 27, 2015 8:05 AM in response to Patrick Savelberg (Private)

From general security principals you should not open any ports unless you have to. As you don't have to open the ports for SMB and can instead use a VPN it is best to stick with a VPN.

Remember also that with a VPN traffic is always encrypted, with SMB it will only be encrypted if both devices support SMB3 and both ends have not been configured to disable this, otherwise it might automatically drop down to SMB2 or even SMB1 which are not encrypted.

Reply

Answer 2

Jan 27, 2015 8:16 AM in response to John Lockwood

But when i turn on encryption in the server app, Maverick and mountainlion can't connect anymore. Thus it stay's on SMB3.

When using SMB2 / SMB 1 what kind of traffic is displayed. Login / passwords , Directory name information, filenames, or even the content of files ?

Reply