SMBv1 isn’t safe

Long before WannaCry used a recently patched Microsoft vulnerability to exploit machines, the recommendation was to disable SMBv1.

Disabling old protocols isn’t sexy. You’re breaking things, and not introducing new features. You’re fixing theoretical future attacks. Perhaps the willingness to take on this challenge is a good measure of the maturity level of a security program. Are you sitting around waiting for an attack so you have the justification for making a change? Are you sitting around waiting for a vendor to do it for you? (“I didn’t want to disable SSL3, your default browser did that. Guess you need to update the server application.”) Disabling it before an attack or before a vendor disables it for you is a better idea. You can proceed at your own pace. You can do testing.

This doesn’t mean it’s an easy road. One of my security product vendors sent out an alert today warning customers that disabling SMBv1 will lead to an unspecified loss of functionality. This is the other problem. Security vendors are all too lax about security.

Leaving old protocols enabled exposes you to vulnerabilities. Frequently, even when newer versions of protocols are available, downgrade attacks force you to use the vulnerable protocol. Stay up to date on best practices. Be proactive about your company’s security rather than just being a seat filler waiting for the next emergency.
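One way to "proceed at your own pace" and test before switching SMBv1 off on a Windows file server is to audit first and disable only once nothing still depends on it. This is an added example, not part of the original post; the `-DisableSmb1` switch is a hypothetical name, and the regex assumes the English text of the SMB1 audit event.

```powershell
# Added example: audit-first retirement of SMBv1 on a Windows SMB server.
# Run elevated. SMB1 auditing needs Windows Server 2016 / Windows 10 or later
# (or an older supported release with the update that added AuditSmb1Access).
param([switch]$DisableSmb1)   # hypothetical switch: without it the script only audits

# 1. Current server-side state.
$cfg = Get-SmbServerConfiguration
"SMB1 enabled: {0} | SMB2/3 enabled: {1} | SMB1 auditing: {2}" -f `
    $cfg.EnableSMB1Protocol, $cfg.EnableSMB2Protocol, $cfg.AuditSmb1Access

# 2. Make sure SMB1 access is being logged so dependencies show up over time.
if (-not $cfg.AuditSmb1Access) {
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    "SMB1 auditing enabled; let it run through a full business cycle before disabling."
}

# 3. Sessions connected right now that negotiated an SMB1 dialect.
$legacySessions = Get-SmbSession | Where-Object { $_.Dialect -like '1.*' }
$legacySessions | Select-Object ClientComputerName, ClientUserName, Dialect

# 4. Clients recorded by the audit log (event 3000 = SMB1 access).
#    Assumption: the message contains "Client Address: <value>" (English text).
$clients = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000
    } -ErrorAction SilentlyContinue |
    ForEach-Object { if ($_.Message -match 'Client Address:\s*(\S+)') { $Matches[1] } } |
    Group-Object | Sort-Object Count -Descending | Select-Object Count, Name
$clients | Format-Table -AutoSize

# 5. Disable only on request, and only when nothing is still using SMB1.
if ($DisableSmb1) {
    if ($clients -or $legacySessions) {
        Write-Warning "SMB1 is still in use by the clients listed above; fix or replace them first."
        return
    }
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    "SMB1 disabled on the server. SMB2/3 enabled: {0}" -f `
        (Get-SmbServerConfiguration).EnableSMB2Protocol
}
```

With the SMB1 dialect switched off entirely, a client cannot be pushed back down to it, which is the downgrade exposure described above.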

The post SMBv1 isn’t safe appeared first on Roger’s Information Security Blog.
