During a regular security scan of a Windows 2008 Server, Nessus came up with the following “Severity: Medium” vulnerability:
Synopsis: Signing is disabled on the remote SMB server.
Signing is disabled on the remote SMB server. This can allow
man-in-the-middle attacks against the SMB server.
Enforce message signing in the host’s configuration. On Windows,
this is found in the Local Security Policy. On Samba, the setting is
called ‘server signing’. See the ‘see also’ links for further
Plugin ID: 57608
Opinions differ on whether enforcing SMB signing is worth it: it stops SMB relay and other man-in-the-middle attacks on share traffic, but every packet then has to be signed and verified, which costs some throughput on a busy file server.
Either way, if you want the finding to go away (vulnerability or not), open “Control Panel\System and Security\Administrative Tools” and start “Local Security Policy”.
Under “Local Policies/Security Options” find the following two policies and set both to “Enabled”:
Microsoft network server: Digitally sign communications (always)
Microsoft network client: Digitally sign communications (always)
Restart the Server service (or reboot) so the new setting is picked up, then scan the host again: plugin 57608 should no longer fire.
Two caveats. The server policy is the one the plugin actually checks; the client “(always)” policy makes this host refuse to talk to SMB servers that cannot sign, so test connections to older NAS boxes and printers afterwards. And on a domain member a setting defined by Group Policy overrides the Local Security Policy, so make the change in the GPO or it is overwritten at the next policy refresh.
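The same two policies can be set from the registry, which is handy when you have to fix a batch of servers without clicking through the GUI. This is an added example, not part of the original post: it writes the values that the two Local Security Policy entries map to, restarts the Server service, and shows the effective setting. It assumes an elevated PowerShell prompt on the flagged host and that the values are not already controlled by a domain GPO.

```powershell
# Added example (not from the original post): enforce SMB signing through the
# registry values behind the two Local Security Policy entries, then verify.
# Assumptions: elevated prompt on the flagged host; no domain GPO defines these
# settings (Group Policy would override whatever is set here).

$serverKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$clientKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'

function Set-SmbSigning {
    param([Parameter(Mandatory)][string]$Path)
    # EnableSecuritySignature  = 1 : signing is offered during negotiation ("if client/server agrees")
    # RequireSecuritySignature = 1 : signing is mandatory ("always") - this is what clears plugin 57608
    New-ItemProperty -Path $Path -Name EnableSecuritySignature  -PropertyType DWord -Value 1 -Force | Out-Null
    New-ItemProperty -Path $Path -Name RequireSecuritySignature -PropertyType DWord -Value 1 -Force | Out-Null
}

# "Microsoft network server: Digitally sign communications (always)"
Set-SmbSigning -Path $serverKey
# "Microsoft network client: Digitally sign communications (always)"
# (makes this host refuse unsigned sessions to other servers; see the caveat above)
Set-SmbSigning -Path $clientKey

# The Server service reads the value at start-up; restarting it drops open
# SMB sessions, so do this in a maintenance window. -Force also restarts
# dependent services such as the Computer Browser.
Restart-Service -Name LanmanServer -Force

# Show what is now in the registry for both sides.
foreach ($key in $serverKey, $clientKey) {
    Get-ItemProperty -Path $key |
        Select-Object @{Name = 'Key'; Expression = { $key }},
                      EnableSecuritySignature,
                      RequireSecuritySignature
}

# Show the setting as the security policy engine sees it. secedit exists on
# Windows Server 2008, unlike the SmbShare module, and the exported lines look like
# MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\RequireSecuritySignature=4,1
$inf = Join-Path $env:TEMP 'secpol.inf'
secedit /export /cfg $inf | Out-Null
Select-String -Path $inf -Pattern 'RequireSecuritySignature'
Remove-Item $inf -ErrorAction SilentlyContinue
```

On Windows 8 / Server 2012 and later the same state is visible with `Get-SmbServerConfiguration | Select-Object EnableSecuritySignature, RequireSecuritySignature`. From the scanner side, `nmap -p445 --script smb2-security-mode <host>` should now report that message signing is enabled and required, which is the condition Nessus is looking for.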
Nessus plugin documentation: http://www.tenable.com/plugins/index.php?view=single&id=57608