d@jerkface.net wrote:
On Tue, Nov 29, 2005 at 10:19:46AM -0000, marc wrote:I have a share that is 3Tb. More practically, though, when a client works here, connects to the network and presents a share, he would be mightily peeved for all of its data to spread itself across the local universe. In fact, it would present a whole bunch of legal problems, I suspect.Oh, hogwash. Automatic discovery does not decrease security, it only increases convenience.
Depends on who you allow on your network.In corporate environments, people have been known to allow vendors and or people presenting information to them to plug into the corporate LAN. Without proper VLAN'ing or other security measures, a laptop inside your firewall could gather some information from auto-discovery type services.
In home environments, this probably isn't as much of a problem unless you're into allowing people you don't trust into your house and also on your internal network.
Like many security problems, the root cause in this example is not that auto-discovery services are running on your network, and the "exploit" requires multiple concurrent screw-ups through lack of thought about security, but it *is* a case where auto-discovery of services could lead to information loss.
Thus, the post... THINK about ALL the possibilities before stating with certainty that ANYTHING isn't a security risk.
Nate