Server Message Block (SMB) signing enable

During a regular security scan of a Windows 2008 Server, Nessus came up with the following “Severity: Medium” vulnerability:

Synopsis: Signing is disabled on the remote SMB server.
Description
Signing is disabled on the remote SMB server. This can allow
man-in-the-middle attacks against the SMB server.
Solution
Enforce message signing in the host’s configuration. On Windows,
this is found in the Local Security Policy. On Samba, the setting is
called ‘server signing’. See the ‘see also’ links for further
details.
[…]
Plugin ID: 57608
Port/Service: cifs(445/tcp)

There seems to be some discussion going on whether enabling or disabling this feature/service is useful/dangerous or not.

Anyway, if you want to get rid of this vulnerability (if it is one or not) just go to “Control Panel\System and Security\Administrative Tools” and open “Local Security Policy”.
In “Local Policies/Security Options” find the following Policies and set them to “Enabled”
Microsoft network server: Digitally sign communications (always)
Microsoft network client: Digitally sign communications (always)

Scan the host again and you should not find the vulnerability again.

Source: http://technet.microsoft.com/en-us/library/cc731957.aspx
Nessus plugin documentation: http://www.tenable.com/plugins/index.php?view=single&id=57608

2 thoughts on “Server Message Block (SMB) signing enable

  1. Murthy

    Hi,

    During a PCI audit we found this error, could you tell me if this is PCI vulnerability? or not

    1. Josef Post author

      Hi,
      If this problem was found on a server which is in PCI scope: yes, you better fix this

      regards
      J.

Comments are closed.