SMB Version 1

SMBv1 is an older protocol, nearly 30 years old. It was designed when sophisticated attacks were not an issue. SMBv1 forms the basis of attacks such as EternalBlue, otherwise known as MS17-011, and DoublePulsar. It should be disabled where possible. Its use is required where Windows XP and Windows 2003 are involved in file sharing or printing.

There are multiple ways to disable SMBv1.

  1. PowerShell: Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol or Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -Remove
  2. Registry: HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters > set SMB1 to 0
  3. Add Roles and Features in Control Panel

SMB Signing

To further enhance SMB security, enable SMB Signing. The signing policies are configured through Group Policy and are found under:

Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options
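
To confirm that both the SMBv1 steps and the signing policy above actually took effect on a host, the following read-only audit can be used. It is an added example, not part of the original page. It assumes an elevated PowerShell 5 or later prompt on a system that has the Get-SmbServerConfiguration and Get-SmbClientConfiguration cmdlets; the helper name Add-Check is hypothetical.

```powershell
# Added example: read-only audit of SMBv1 and SMB signing state.
# Run from an elevated PowerShell prompt; nothing is changed.
$results = [System.Collections.Generic.List[object]]::new()

function Add-Check {   # hypothetical helper: records one finding
    param([string]$Name, $Actual, [bool]$Pass)
    $results.Add([pscustomobject]@{ Check = $Name; Actual = $Actual; Pass = $Pass })
}

# Method 1: optional feature state. "Disabled" and
# "DisabledWithPayloadRemoved" both mean SMBv1 is off.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
$state   = if ($feature) { "$($feature.State)" } else { 'FeatureNotFound' }
Add-Check -Name 'Feature SMB1Protocol' -Actual $state -Pass ($state -like 'Disabled*')

# Method 2: registry value. A missing value is not the same as 0:
# the OS default then applies, so it is reported rather than assumed.
$srvKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$smb1   = (Get-ItemProperty -Path $srvKey -ErrorAction SilentlyContinue).SMB1
$shown  = if ($null -eq $smb1) { 'not set' } else { $smb1 }
Add-Check -Name 'Registry SMB1' -Actual $shown -Pass ($smb1 -eq 0)

# Effective settings as the SMB server and client services see them.
$server = Get-SmbServerConfiguration
$client = Get-SmbClientConfiguration
Add-Check -Name 'Server EnableSMB1Protocol' -Actual $server.EnableSMB1Protocol -Pass (-not $server.EnableSMB1Protocol)
Add-Check -Name 'Server RequireSecuritySignature' -Actual $server.RequireSecuritySignature -Pass ([bool]$server.RequireSecuritySignature)
Add-Check -Name 'Client RequireSecuritySignature' -Actual $client.RequireSecuritySignature -Pass ([bool]$client.RequireSecuritySignature)

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { Write-Warning 'One or more SMB hardening checks failed.' }
```

A registry value reported as "not set" fails the registry check by design; rely on the Server EnableSMB1Protocol row for the effective state in that case.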