I just recently became fully aware of how easy it is to get the password hashes from a Samba server or a domain controller. Breaking them is basically effortless with rainbow tables. I guess this can only be done with administrative privileges, but these can be gained easily through a 1.7m ISO file that resets all NT admin passwords. So it is easy to elevate privileges and get passwords.

Now, I want to know if there is a way around this or a way to secure this. Can the username and password hash be sniffed from the network when a user requests a file or logs onto a Samba server? When does the network transfer the username and hash? Can this be secured by encrypting all network traffic somehow? I would think this may be possible through something like SSH from machine to machine. So does that make the Samba method overtly insecure?

Would encrypting the files that store the hashes make the system more secure? Is this even possible? Would encrypting the entire Samba server OS be the key?

Help me out here. I'm a little fuzzy on the details, but I have spotted the security risks and want to learn how to implement better security measures with Samba.

Also, how can someone grab Windows passwords off hashes from a Windows machine via the network? I think this is how my friend got ALL the usernames and passwords for his whole company and got his sysadmin in trouble for a lack of security.

If you can answer any questions here, I'd love it, or can you point me to a good guide for this?