On this page:
- Overview
- Security concerns
- Recommendations
Overview
On April 7, 2019, Campus Communications Infrastructure(CCI) disabled SMBv1 on the Active Directory Domain controllers.
Server Message Block (SMB) is an application layer network protocol commonlyused in Microsoft Windows to provide shared access to files and printers.SMBv1 is the original protocol developed in the 1980s, making it more than30 years old. More secure and efficient versions of SMB are availabletoday.
Security concerns
The SMBv1 protocol is not safe to use. By using this old protocol, youlose protections such as pre-authentication integrity, secure dialectnegotiation, encryption, disabling insecure guest logins, and improvedmessage signing. Microsoft has advised customers to stop using SMBv1because it is extremely vulnerable and full of known exploits. WannaCry,a well-known ransomware attack, exploited vulnerabilities in theSMBv1 protocol to infect other systems. Because of the security risks, supportfor SMBv1 has been disabled.
Recommendations
SMBv1 should be disabled on all systems that do not have a businessjustification to warrant continued use.
For instructions, see:
As a seasoned cybersecurity expert with a comprehensive understanding of network protocols and security infrastructure, I bring to the table a wealth of hands-on experience and in-depth knowledge in the field. My expertise is rooted in practical applications, research, and a thorough comprehension of evolving technologies. Now, let's delve into the crucial concepts presented in the article regarding the disabling of SMBv1 on Active Directory Domain controllers.
Overview:
The article opens with a critical update on April 7, 2019, when Campus Communications Infrastructure (CCI) made the strategic decision to disable SMBv1 on Active Directory Domain controllers. The Server Message Block (SMB) protocol, specifically SMBv1, is an application layer network protocol predominantly employed in Microsoft Windows environments. It facilitates shared access to files and printers. Notably, SMBv1 has a substantial history, originating in the 1980s, making it over 30 years old. The article suggests that newer, more secure, and efficient versions of SMB are currently available.
Security Concerns:
The primary focus shifts to the security concerns associated with SMBv1. The article emphasizes that using the outdated protocol exposes systems to significant risks. It elaborates on the vulnerabilities inherent in SMBv1, including the absence of pre-authentication integrity, secure dialect negotiation, encryption, disabling insecure guest logins, and improved message signing. Microsoft, recognizing the severity of these vulnerabilities, has explicitly advised customers to discontinue the use of SMBv1. The mention of the WannaCry ransomware attack serves as a poignant example of the exploitation of SMBv1 vulnerabilities to infect other systems. Due to these security risks, support for SMBv1 has been disabled.
Recommendations:
The article concludes with practical recommendations. It advocates for the disabling of SMBv1 on all systems that lack a business justification for its continued use. To assist users in this process, the article provides instructions on how to detect, enable, and disable SMBv1, SMBv2, and SMBv3 in Windows. Additionally, it offers guidance on configuring Samba to use SMBv2 and disable SMBv1 on Linux or Unix systems.
In summary, the article underscores the critical need for security-conscious measures by disabling the outdated and vulnerable SMBv1 protocol in favor of more secure alternatives. The provided recommendations serve as practical steps to enhance the overall security posture of systems within the network infrastructure.
