2

I have a NAS (network disk) from Zylex which stopped working under Windows 10 a while ago. Investigation shows that it uses SMBv1, which was implicated in several ransomware attacks and was therefore disabled by Microsoft. I have not yet found a workaround (I'm still looking) so it seems that my choices are to re-enable SMBv1 (as described in the Microsoft support guide) or to buy a new NAS.

Recent posts on Zyxel's site suggests that Zyxel are aware of the problem but have no plans to fix it. I have the latest firmware.

We (my wife and I, both retired) have a home network with two laptops, two tablets, two smartphones, a network printer and the NAS, we use internet extensively but not dangerously. We don't click on strange links or the like, but I could imagine us falling for a well-crafted Facebook post or something similar.

So my question is: how dangerous is SMBv1? Should I re-enable SMBv1 or buy a new NAS?

NL_Derek
  • 133
  • 6

1 Answers1

3

There are a number of CVEs against SMBv1 including:

So it comes down to what is an acceptable risk for you, and do you try to compensate for it by putting other controls in place like using an AV, a firewall, automatic patching, OpenDNS, etc.

Is it worth it to enable it for now and then look for a replacement for your NAS in the meantime? Only you can answer.

Me, I'd leave it on using all of the above extra security measures and look on Amazon to replace the NAS in the near term.

Joe M
  • 2,997
  • 1
  • 6
  • 13