There are three levels at which security principals must be observed in order to render a site at least moderately secure. They are the perimeter firewall, the configuration of the host server that is running Samba and Samba itself.
Samba permits a most flexible approach to network security. As far as possible Samba implements the latest protocols to permit more secure MS Windows file and print operations.
Samba may be secured from connections that originate from outside the local network. This may be done using host-based protection (using samba's implementation of a technology known as " tcpwrappers ," or it may be done be using interface-based exclusion so smbd will bind only to specifically permitted interfaces. It is also possible to set specific share or resource-based exclusions, for example on the [IPC$] auto-share. The [IPC$] share is used for browsing purposes as well as to establish TCP/IP connections.
Another method by which Samba may be secured is by setting Access Control Entries (ACEs) in an Access Control List (ACL) on the shares themselves . This is discussed in Chapter 12, File, Directory and Share Access Controls .