
SMBv1, a very old protocol behind WannaCry: should it be disabled?

SMBv1 isn’t safe, and whatever update or patch you apply, the problem remains: you are still running SMB1. The hackers behind the WannaCry ransomware infected servers with vulnerable SMB ports before victimizing them with phishing emails. The original SMB1 protocol is 30 years old and was designed for the world of the ’80s: a world without cyber criminals or big data, and with only rudimentary computer usage.

A security researcher affiliated with the Croatian Government CERT has warned that while WannaCry used only two tools to exploit SMB vulnerabilities, a new worm named EternalRocks will be armed with at least seven such tools to infect systems across the globe. EternalRocks will use not only the lethal SMB (Server Message Block) tools named EternalBlue, EternalChampion, EternalSynergy, and EternalRomance, but also the SMB reconnaissance tools SMBTouch and ArchTouch, which will keep an eye on affected computers. We have already seen EternalBlue causing havoc at major ports and terminals across the globe.

The later SMB protocols provide protections in key areas such as:•

SMB is used to transfer files between computers. The setting is enabled on most systems but is not needed. Disable it if it is not in use.

How to do it:

Open Control Panel > Programs & Features > Turn Windows features on or off.
In the list of options, find SMB 1.0/CIFS File Sharing Support. Uncheck the checkbox next to it and press OK.

On a client, the PowerShell approach is:

Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol

You can also tweak the Windows Registry to disable SMB1.

Run regedit and navigate to the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

In the right pane, the DWORD SMB1 should not be present or should have a value of 0.

The values for enabling and disabling it are as follows:

  • 0 = Disabled
  • 1 = Enabled
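
The two settings described above can be checked together from an elevated PowerShell prompt. The script below is an added example, not part of the original article: it reports the SMB1 registry value and the state of the SMB1Protocol optional feature, and changes them only when run with -Disable. The function name Get-Smb1Status and the -Disable switch are names chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit the two SMB1 settings this page describes; pass -Disable to turn them off.
param([switch]$Disable)

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1Status {
    # Registry: DWORD SMB1 (0 = Disabled, 1 = Enabled). Absent means the OS default applies.
    $reg = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
    $regState = if ($null -eq $reg) { 'NotSet' }
                elseif ($reg.SMB1 -eq 0) { 'Disabled' }
                else { 'Enabled' }

    # Optional feature: the same item as the "SMB 1.0/CIFS File Sharing Support" checkbox.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $featState = if ($null -eq $feature) { 'NotFound' } else { [string]$feature.State }

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        RegistrySMB1    = $regState
        OptionalFeature = $featState
    }
}

$before = Get-Smb1Status
$before | Format-List

if ($Disable) {
    # Write the value explicitly so the result does not depend on the OS default.
    if ($before.RegistrySMB1 -ne 'Disabled') {
        Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0 -Force
    }
    # Matches both Enabled and EnablePending feature states.
    if ($before.OptionalFeature -like 'Enable*') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    Get-Smb1Status | Format-List
    Write-Warning 'Restart the computer for the change to take effect.'
}
```

Run it once without -Disable to record the current state before changing anything.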

SMB isn’t good. It is archaic and it must be disabled.
