How to harden Windows workstations and servers against attack

CSO Online | February 6, 2019

Use these basic settings to make your Windows hardware harder for attackers to compromise.

Copyright © 2019 Raybet2

Susan Bradley here for CSO Online. We're going to take a break from talking about Office 365 for the next month, because I want to talk about some workstation hardening that I want you to do. We'll start first with a foundational service that has been used in computing for years. Server Message Block, or SMB, is an internet standard protocol that Windows uses to share files, printers and serial ports. We use it regularly to share and save files on the network. It is even used over the internet on top of the TCP/IP protocol. It has been in use since Windows 95, and in 2019 it is still often found and abused on networks. In fact, if you have SMB v1 still enabled, it can often be used in blended attacks to do further damage, such as ransomware, in your network.

Now note in this 2016 blog post that the concern over SMB v1 is not new. It is three years old. In this blog post, Ned Pyle indicates the following concerns over using SMB v1. When you keep on using it you lose some key protections, such as pre-authentication integrity, which improved protection against man-in-the-middle attackers. You lose out on secured dialect negotiation. Again, this is another man-in-the-middle protection. You lose out on better encryption. This prevents inspection of data on the wire and man-in-the-middle attacks, and performance is lost. You lose out on using insecure guest authentication blocking. Again, this prevents and protects against man-in-the-middle attacks. And you lose out on better message signing. SHA-256 replaces MD5 as the hashing algorithm. Signing performance increases as a result if you use SMB v2 and v3. As Ned points out in the blog, the nasty bit is that no matter how much you secure all of those things, if your clients still use SMB 1, a man-in-the-middle attack can tell your client to ignore all those protections.

You can use either Group Policy or a pushed-out registry key to disable SMB v1 and push everyone to SMB v2, and you can review the guidance in KB2696547 to detect whether SMB v1 is still in use in your network and gracefully disable it. In Windows 10 you can use the PowerShell command Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol to test whether you have SMB v1 enabled. I was pleased to see that it was disabled at the office. However, I was less than pleased to see that here at home, where I'm recording this video, I had SMB v1 enabled. You might find out as you disable SMB v1 that older copiers, older printers and some older network-attached storage may depend on SMB v1.

Ned has provided here a blog post that has a list of products that still require SMB v1 and some guidance for how you might work around it. If you can, try to find the firmware or an update from the vendor to disable SMB v1. Work with your vendors, push back on them, and try to get them to where they can support something without SMB being enabled.

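On the consumer side, if you are a home user like me and you have multi-user devices and your Sonos music players, you will find that you still need some SMB v1. Again, you need to see whether you can update the firmware. For those of you who are IT administrators using home devices, check out Barb, who has a blog post that talks about things you can update in the connected world. Again, see whether there is firmware for these devices. She points out that the issue with my beloved device, the Sonos speakers, is that you have to move the local library to a NAS device that supports SMB v2, because it still needs SMB v1 enabled. If you have problems with these home devices, look at the community locations on the vendor's website. You might find another IT administrator just like you struggling to get these issues straightened out.

Finally, last but not least, you want to make sure that you're not sending outbound SMB packets. You want to make sure that you block outbound port 445 and protect UDP ports 137 to 138 and TCP port 139. Most modern firewalls automatically do this, but it's wise to just make sure and test that your firewalls are set appropriately. So now is the time to take stock of your environment. Do you still need SMB v1? Can you get yourself up to SMB v2 or v3? Take the time to look at your network, evaluate, even check your home network, because it too can be vulnerable. Until next time, thanks for being an insider on CSO Online. This is Susan Bradley.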
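The checks described in the video, gathered into one read-only audit for a single host. This is an added example, not part of the video or of any Microsoft guidance it cites. It assumes an elevated PowerShell session on a Windows 10 or Windows Server build that exposes the AuditSmb1Access setting, and that the event 3000 message text contains a "Client Address:" field.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only SMBv1 audit for the local host. It changes no settings.

# 1. Is the SMBv1 optional feature present? (the check quoted in the transcript)
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

# 2. Does the SMB server side still accept SMBv1, and is SMBv1 access auditing on?
$server = Get-SmbServerConfiguration |
    Select-Object EnableSMB1Protocol, EnableSMB2Protocol, AuditSmb1Access

# 3. Which clients still connect with SMBv1? Event ID 3000 is only written while
#    auditing is on. To start collecting: Set-SmbServerConfiguration -AuditSmb1Access $true
$smb1Clients = @()
if ($server.AuditSmb1Access) {
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-SMBServer/Audit'
        Id      = 3000
    } -ErrorAction SilentlyContinue
    # Assumption: the message carries a line of the form "Client Address: <address>"
    $smb1Clients = @($events | ForEach-Object {
        if ($_.Message -match 'Client Address:\s*(\S+)') { $Matches[1] }
    } | Sort-Object -Unique)
}

# 4. Is there an enabled host-firewall rule blocking outbound TCP 445?
#    This covers Windows Defender Firewall only; the perimeter firewall needs its own test.
$block445 = @(Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True `
        -ErrorAction SilentlyContinue |
    Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.RemotePort -contains '445' })

# 5. One summary object per host, suitable for Export-Csv when run across a fleet
[pscustomobject]@{
    ComputerName        = $env:COMPUTERNAME
    Smb1FeatureState    = $feature.State
    Smb1ServerEnabled   = $server.EnableSMB1Protocol
    Smb2ServerEnabled   = $server.EnableSMB2Protocol
    Smb1AuditingEnabled = $server.AuditSmb1Access
    Smb1ClientsSeen     = $smb1Clients -join ', '
    HostBlocksOut445    = ($block445.Count -gt 0)
}
```

An empty Smb1ClientsSeen only means something after auditing has been enabled for long enough to cover infrequent users such as the older copiers and storage devices mentioned above.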
