-2

How can I encrypt smb with python? Basically writing to a share in a way that the path is concealed. I made this audit system that saves log files to specific path in a netapp that everyone can access.

The problem is that it sends the logs in cleartext and if someone uses wireshark they can figure the path immediately. What can I do to overcome it? Encryption? Run it with specific service that only it got access to that share? Somehow conceal the path?

I have tried pysmb but it didn't quite work.

Anthon
  • 69,918
  • 32
  • 186
  • 246
Chechik
  • 11
  • 1
  • 7

1 Answers1

0

You have two or three options here:

  1. Encrypt your logs; so that even if the location is known, the logs themselves are not easily read. This has the benefit of concealing information during transit, and while at rest (ie, while on disk).

So to read the logs you'll have to write a decryption tool. Now you have two problems. The first is, your tool needs to be written such that the encryption secret sauce you are using can't be figured out; and secondly if there is a problem in reading the logs - you won't know where to look - is it a problem with the decryption? Is is a problem with the encryption? Is it a problem with the hard disk itself? The network?

You also have to consider that logs are designed to be in plain text because eventually you will be reading/consuming those logs by some third party program.

For all that and more, this option isn't recommended.

  1. You can prevent access to the file location. This way even if the location is discovered, the user will not have access to read the files. They can still read the information that's going across in transit.

  2. You can encrypt the channel; and then make sure you count for the overhead that encryption brings.

Burhan Khalid
  • 169,990
  • 18
  • 245
  • 284