Thursday, November 13, 2014

How to enable or require SMB signing for Windows Server

Recently, I discovered that some servers have SMB vulnerabilities: in this case, file sharing over SMB either does not require signing or does not have signing enabled.

How do we secure the communications? Here's how.

If you are on Windows NT4.0, Windows 2K or Windows 2k3, go to the registry at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
- For SMB signing Required, set Registry key RequireSecuritySignature=1
- For SMB signing Enabled (if server agrees), set Registry key EnableSecuritySignature=1 and RequireSecuritySignature=0
- For SMB signing Disabled (if server agrees), set Registry key EnableSecuritySignature=0 and RequireSecuritySignature=0

If you are on Windows 98, go to the registry at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkStation\Parameters
- For SMB signing Required, set Registry key RequireSecuritySignature=1
- For SMB signing Enabled (if client agrees), set Registry key EnableSecuritySignature=1 and RequireSecuritySignature=0
- For SMB signing Disabled (if client agrees), set Registry key EnableSecuritySignature=0 and RequireSecuritySignature=0

Note that all of these registry values should be of type DWORD.

If you want to set this through GPO, the settings are under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options


If you are on Windows 2K8 and 2K12, you should be on SMB2. Configuration is slightly easier. Go to the registry at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
- For SMB2 signing Required, set Registry key RequireSecuritySignature=1
- For SMB2 signing Not required, set Registry key RequireSecuritySignature=0

If you are on Windows Vista and XP or 7, you should be on SMB2. Configuration is slightly easier. Go to the registry at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkStation\Parameters
- For SMB2 signing Required, set Registry key RequireSecuritySignature=1
- For SMB2 signing Not required, set Registry key RequireSecuritySignature=0
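
The registry checks above, as an added example that is not part of the original post: a PowerShell script that reads both Parameters keys, reports the signing state, and, when run elevated with the `-Enforce` switch, writes RequireSecuritySignature=1 as a DWORD. The switch, the function names and the state labels are illustrative assumptions.

```powershell
# Added example (not from the original post). Audits the SMB signing values
# described above and, with -Enforce, sets RequireSecuritySignature=1.
# The -Enforce switch and the function names are illustrative assumptions.
param([switch]$Enforce)

$base  = 'HKLM:\System\CurrentControlSet\Services'
$roles = [ordered]@{
    Server = "$base\LanmanServer\Parameters"
    Client = "$base\LanmanWorkstation\Parameters"
}

function Get-DwordOrNull {
    param([string]$Path, [string]$Name)
    # Returns $null when the value is absent, so "not set" is not confused with 0.
    $p = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }
    return [int]$p.$Name
}

function Get-SmbSigningState {
    param([string]$Role, [string]$Path, [bool]$Fix)
    $require = Get-DwordOrNull -Path $Path -Name 'RequireSecuritySignature'
    $enable  = Get-DwordOrNull -Path $Path -Name 'EnableSecuritySignature'
    # Require=1 -> Required; Require=0 with Enable=1 -> Enabled; otherwise not
    # required. On SMB2 only RequireSecuritySignature is consulted.
    $state = if ($require -eq 1) { 'Required' } elseif ($null -eq $require) {
        'NotSet' } elseif ($enable -eq 1) { 'Enabled' } else { 'NotRequired' }

    if ($Fix -and $require -ne 1) {
        # Needs an elevated session. -Force overwrites an existing value and
        # -PropertyType DWord keeps the type the post calls for.
        New-ItemProperty -Path $Path -Name 'RequireSecuritySignature' `
            -PropertyType DWord -Value 1 -Force | Out-Null
        $state = 'Required (just set)'
    }
    [pscustomobject]@{
        Role = $Role; State = $state
        RequireSecuritySignature = $require; EnableSecuritySignature = $enable
    }
}

foreach ($role in $roles.Keys) {
    Get-SmbSigningState -Role $role -Path $roles[$role] -Fix $Enforce.IsPresent
}
```

Run it without arguments to audit only; any row whose State is not `Required` is a host that will still accept unsigned SMB sessions in that role.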
