4

We have a requirement to use the SMB protocol due to a system limitation. Will enabling SMB authentication among the nodes prevent the ransomware threat from spreading in the network?

Reference: https://docs.microsoft.com/en-us/windows/desktop/fileio/microsoft-smb-protocol-authentication

Sayan

2 Answers

3

An exploit is making use of a vulnerability to perform an unintended action. So an exploit may execute code without going through an authentication flow or a variety of other actions. This is why regular patching and not using software that is no longer supported is so important.

Authentication is only useful if the software does not have vulnerabilities that bypass it - with SMBv1 this would be the popular EternalBlue.

As for your particular issue, there are a couple of versions of SMB. If you are on version 1, then you are going to need a few extra security controls to address your requirement to use an outdated protocol.

It would be worth costing up an upgrade of your systems and comparing it to potential losses or costs for the additional controls.

Note: it's important to understand that being just within your own network is not a satisfactory control for outdated SMBv1, as seen with the latest UPnP issue making the rounds.

McMatty
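The answer above turns on which SMB version a node actually speaks. As an added example (not part of either answer), this Python sketch reads the dialect list from SMB NEGOTIATE requests seen on TCP/445 and flags clients that offer only SMBv1; the sample packets, host labels and function names are constructed for illustration.

```python
import struct

SMB1_MAGIC = b"\xffSMB"  # SMBv1 header signature
SMB2_MAGIC = b"\xfeSMB"  # SMB 2.x/3.x header signature

def offered_dialects(payload):
    """Dialects offered by one NEGOTIATE request (TCP/445 payload), else []."""
    msg = payload[4:]  # skip the 4-byte NetBIOS session header
    if msg[:4] == SMB1_MAGIC and len(msg) >= 35 and msg[4] == 0x72:
        # 32-byte header, WordCount (1), ByteCount (2), then 0x02 + "name\0" entries
        blob = msg[35:35 + struct.unpack_from("<H", msg, 33)[0]]
        return [d.lstrip(b"\x02").decode("ascii", "replace") for d in blob.split(b"\x00") if d]
    if msg[:4] == SMB2_MAGIC and len(msg) >= 100:
        command, = struct.unpack_from("<H", msg, 12)
        count, = struct.unpack_from("<H", msg, 66)  # DialectCount; list starts at 64 + 36
        if command == 0 and len(msg) >= 100 + 2 * count:
            return ["0x%04x" % d for d in struct.unpack_from("<%dH" % count, msg, 100)]
    return []

def classify(payload):
    dialects = offered_dialects(payload)
    if not dialects:
        return "not-negotiate"
    if payload[4:8] == SMB2_MAGIC:
        return "smb2+"
    # SMB1-framed request: newer clients also list "SMB 2.*" so they can upgrade
    return "smb1-multiprotocol" if any(d.startswith("SMB 2") for d in dialects) else "smb1-only"

# --- constructed sample packets (not captured traffic) ---
def frame(msg):
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

def build_smb1_negotiate(names):
    blob = b"".join(b"\x02" + n.encode() + b"\x00" for n in names)
    return frame(SMB1_MAGIC + b"\x72" + bytes(28) + struct.pack("<H", len(blob)) + blob)

def build_smb2_negotiate(revisions):
    header = SMB2_MAGIC + struct.pack("<H", 64) + bytes(58)  # command 0 = NEGOTIATE
    body = struct.pack("<HH", 36, len(revisions)) + bytes(32)
    return frame(header + body + struct.pack("<%dH" % len(revisions), *revisions))

SAMPLES = {  # host labels are constructed
    "legacy-host": build_smb1_negotiate(["NT LM 0.12"]),
    "win-client": build_smb1_negotiate(["NT LM 0.12", "SMB 2.002", "SMB 2.???"]),
    "modern-host": build_smb2_negotiate([0x0202, 0x0302, 0x0311]),
}

def inventory(samples):
    return {host: classify(p) for host, p in samples.items()}
```

Hosts reported as `smb1-only` are the ones that would need the extra controls or an upgrade; `smb1-multiprotocol` clients can move to SMB 2 or later once the server stops accepting SMBv1.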
0

As far as I know, ransomware uses an exploit to do the work, so I don't think enabling authentication will help. Take into consideration that SMB is an awful protocol design, so the first thing you need to do is to remove it from your network; if you have a system that still uses it, find another way to do it. SMB is not a secure protocol from my point of view.

camp0