|
We've contracted with IBM to perform some threat analysis of our network.
We get these qualsys reports of our vulnerabilities. They were analyzing
our domino based quickr server running on i.
One vulnerability is SMB Signing Disabled or SMB Signing Not Required
Is this something we should be concerned about? Why? What should we do
about it?
Details of threat below:
Level 2 SMB Signing Disabled or SMB Signing Not Required
QID: 90043
Category: Windows
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 01/20/2010
User Modified: -
Edited: No
THREAT:
This host does not seem to be using SMB (Server Message Block) signing.
SMB signing is a security mechanism in the SMB protocol and is also
known as security signatures. SMB signing is designed to help improve the
security of the SMB protocol.
SMB signing adds security to a network using NetBIOS, avoiding
man-in-the-middle attacks.
When SMB signing is enabled on both the client and server SMB sessions are
authenticated between the machines on a packet by packet basis.
IMPACT:
Unauthorized users sniffing the network could catch many
challenge/response exchanges and replay the whole thing to grab particular
session keys,
and then authenticate on the Domain Controller.
SOLUTION:
Without SMB signing, a device could intercept SMB network packets from an
originating computer, alter their contents, and broadcast them to the
destination computer. Since, digitally signing the packets enables the
recipient of the packets to confirm their point of origination and their
authenticity, it is recommended that SMB signing is enabled and required.
Please refer to Microsoft's article 887429 (
http://support.microsoft.com/?kbid=887429) for information on enabling SMB
signing.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
No results available
Rob Berendt
--
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.