2024-04-23

SMB Signing

The book of John says a good shepherd knows his sheep and his sheep know him. In cybersecurity, SMB signing plays a similar role to the shepherd-sheep relationship: it verifies the identity of those connecting to your network shares, thus preventing information disclosure, man-in-the-middle (MITM) attacks, spoofing, replay, data corruption, and more!

SMB signing, a feature of the Server Message Block (SMB) protocol, is a security measure designed to guarantee the integrity and authenticity of data exchanged among networked computers. Each message carries a signature tied to the authenticated session, which prevents attackers from impersonating the server or client after authentication, or from altering traffic in transit, thus thwarting unauthorized access to data.

Recommendations

  • Use SMBv3, with fallback to SMBv2
  • Disable SMBv1
  • Enable signing. In Group Policy: Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options. Enable both "Microsoft network client: Digitally sign communications (always)" and "Microsoft network server: Digitally sign communications (always)"
  • If SMBv1, or signing that is enabled but not required, is needed to support legacy applications, allow it on an as-needed basis per endpoint rather than domain-wide
  • Use VLAN segmentation
  • Block workstation-to-workstation communication

Reference: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees
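
The recommendations above are per-endpoint settings, so it helps to have a repeatable way to audit and enforce them on a given host. The following PowerShell script is an added example written for this post; it is not PEN Consultants' tooling. It reads the SMB server and client configuration with the built-in `Get-SmbServerConfiguration` and `Get-SmbClientConfiguration` cmdlets, reports any deviation from the list above, cross-checks the registry values that the Group Policy settings write (`RequireSecuritySignature` under the LanmanServer and LanmanWorkstation keys), lists live outbound SMB connections with their dialect and signing state, and, only when `-Enforce` is passed, applies the hardened settings. The function names (`Get-SmbSigningPosture`, `Test-SmbSigningPosture`) and the `-Enforce` switch are this example's own conventions. Run it from an elevated PowerShell session.

```powershell
<#
  Added example, not PEN Consultants' code: audit a Windows host against the
  SMB recommendations (signing required, SMBv1 off, SMBv2/3 on) and, with
  -Enforce, apply them locally. Requires an elevated session.
#>
param(
    [switch]$Enforce
)

# Collect the settings that implement each recommendation into one object.
function Get-SmbSigningPosture {
    $srv = Get-SmbServerConfiguration
    $cli = Get-SmbClientConfiguration
    [PSCustomObject]@{
        ServerSigningRequired = $srv.RequireSecuritySignature   # "Microsoft network server: Digitally sign communications (always)"
        ServerSigningEnabled  = $srv.EnableSecuritySignature    # "... (if client agrees)"
        ClientSigningRequired = $cli.RequireSecuritySignature   # "Microsoft network client: Digitally sign communications (always)"
        ClientSigningEnabled  = $cli.EnableSecuritySignature
        SMB1Enabled           = $srv.EnableSMB1Protocol
        SMB2Enabled           = $srv.EnableSMB2Protocol         # SMBv2 and SMBv3 share this switch
    }
}

# Return one finding string per recommendation the host fails.
function Test-SmbSigningPosture {
    param([Parameter(Mandatory)]$Posture)
    $findings = @()
    if (-not $Posture.ServerSigningRequired) { $findings += 'Server does not require SMB signing' }
    if (-not $Posture.ClientSigningRequired) { $findings += 'Client does not require SMB signing' }
    if ($Posture.SMB1Enabled)                { $findings += 'SMBv1 is enabled' }
    if (-not $Posture.SMB2Enabled)           { $findings += 'SMBv2/SMBv3 is disabled' }
    return $findings
}

$posture = Get-SmbSigningPosture
$posture | Format-List

$findings = @(Test-SmbSigningPosture -Posture $posture)
if ($findings.Count -eq 0) {
    Write-Host 'No findings: signing is required on client and server, SMBv1 is off.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}

# Cross-check the GPO-backed registry values. The "(always)" policies write
# RequireSecuritySignature = 1 under these keys; a value of 0 or <not set>
# means the policy has not been applied to this host.
$regChecks = @{
    'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'      = 'RequireSecuritySignature'
    'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters' = 'RequireSecuritySignature'
}
foreach ($path in $regChecks.Keys) {
    $name = $regChecks[$path]
    $v = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
    '{0}\{1} = {2}' -f $path, $name, $(if ($null -eq $v) { '<not set>' } else { $v })
}

# Live outbound SMB connections: Dialect should be 3.x and Signed should be True.
Get-SmbConnection | Select-Object ServerName, ShareName, Dialect, Signed | Format-Table -AutoSize

if ($Enforce) {
    # Require signing on both sides; -Force suppresses the confirmation prompt.
    Set-SmbServerConfiguration -RequireSecuritySignature $true -EnableSecuritySignature $true -Force
    Set-SmbClientConfiguration -RequireSecuritySignature $true -EnableSecuritySignature $true -Force
    # Turn off SMBv1 at the protocol level, then remove the component itself.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Client editions; on Windows Server use: Uninstall-WindowsFeature -Name FS-SMB1
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    Write-Host 'Hardened settings applied. Re-run without -Enforce to verify.'
}
```

Two caveats when using it. First, settings changed with `Set-Smb*Configuration` are local and will be overwritten at the next Group Policy refresh if a GPO sets the same values, so for domain-joined hosts the Group Policy path in the recommendations remains the authoritative control and this script is best used to verify that it landed. Second, the `Get-SmbConnection` table is the quickest way to spot a legacy peer: any row with a `Dialect` below 3.0 or `Signed` equal to `False` is a candidate for the per-endpoint exception process described above.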

If you are looking for a reliable and experienced offensive security service that provides Rock Solid Security, look no further than PEN Consultants for all your information and cybersecurity testing needs. Contact us: https://penconsultants.com/contact-us/
