We've contracted with IBM to perform some threat analysis of our network.
We get these qualsys reports of our vulnerabilities. They were analyzing
our domino based quickr server running on i.
One vulnerability is SMB Signing Disabled or SMB Signing Not Required
Is this something we should be concerned about? Why? What should we do
about it?
Details of threat below:
Level 2 SMB Signing Disabled or SMB Signing Not Required
QID: 90043
Category: Windows
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 01/20/2010
User Modified: -
Edited: No
THREAT:
This host does not seem to be using SMB (Server Message Block) signing.
SMB signing is a security mechanism in the SMB protocol and is also
known as security signatures. SMB signing is designed to help improve the
security of the SMB protocol.
SMB signing adds security to a network using NetBIOS, avoiding
man-in-the-middle attacks.
When SMB signing is enabled on both the client and server SMB sessions are
authenticated between the machines on a packet by packet basis.
IMPACT:
Unauthorized users sniffing the network could catch many
challenge/response exchanges and replay the whole thing to grab particular
session keys,
and then authenticate on the Domain Controller.
SOLUTION:
Without SMB signing, a device could intercept SMB network packets from an
originating computer, alter their contents, and broadcast them to the
destination computer. Since, digitally signing the packets enables the
recipient of the packets to confirm their point of origination and their
authenticity, it is recommended that SMB signing is enabled and required.
Please refer to Microsoft's article 887429 (
http://support.microsoft.com/?kbid=887429) for information on enabling SMB
signing.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Rob Berendt
midrange.com
