
Securing SMB [Windows Server 2019]

I (tobor) demonstrate how to secure the SMB protocol in a domain environment.

###### HOME USERS ######
Disable SMBv1 by running the PowerShell command below as an administrator:
Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol

# Require and enable SMB message signing for the SMB client (LanmanWorkstation) and the SMB server (LanmanServer).
# New-ItemProperty writes each setting as a DWORD value under the existing Parameters key.
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name RequireSecuritySignature -Value 1 -PropertyType DWord -Force -ErrorAction SilentlyContinue | Out-Null
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name EnableSecuritySignature -Value 1 -PropertyType DWord -Force -ErrorAction SilentlyContinue | Out-Null
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name RequireSecuritySignature -Value 1 -PropertyType DWord -Force -ErrorAction SilentlyContinue | Out-Null
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name EnableSecuritySignature -Value 1 -PropertyType DWord -Force -ErrorAction SilentlyContinue | Out-Null

###### DOMAIN ADMINS ######
Enable auditing of SMBv1 connections with this command
Set-SmbServerConfiguration -AuditSmb1Access $True -Force

——————————————————————————————————-

When SMBv1 auditing is enabled, Event ID 3000 appears in the “Microsoft-Windows-SMBServer/Audit” event log, identifying each client that attempts to connect with SMBv1.
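
The following is an added example, not code from the video or its author: it groups Event ID 3000 records by client so the machines still using SMBv1 can be found before the protocol is disabled. The function name Get-Smb1ClientSummary, the sample records and the English "Client Address:" message text are assumptions.

```powershell
# Added example (not from the video): list the clients behind SMBv1 audit events.
function Get-Smb1ClientSummary {
    [CmdletBinding()]
    param(
        # Event records exposing TimeCreated and Message, e.g. from Get-WinEvent
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$InputObject
    )
    begin { $clients = @{} }
    process {
        foreach ($record in $InputObject) {
            # Assumption: English message text with a "Client Address: <value>" line
            if ($record.Message -match 'Client Address:\s*(\S+)') {
                $address = $Matches[1]
                if (-not $clients.ContainsKey($address)) {
                    $clients[$address] = [pscustomobject]@{
                        Client = $address; Hits = 0; LastSeen = $record.TimeCreated
                    }
                }
                $entry = $clients[$address]
                $entry.Hits++
                if ($record.TimeCreated -gt $entry.LastSeen) { $entry.LastSeen = $record.TimeCreated }
            }
        }
    }
    # Busiest SMBv1 clients first
    end { $clients.Values | Sort-Object -Property Hits -Descending }
}

# Constructed sample records so the function can be tried away from a server
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2021-03-01T09:15:00'; Message = "SMB1 access`n`nClient Address: 10.0.0.21" }
    [pscustomobject]@{ TimeCreated = [datetime]'2021-03-01T11:40:00'; Message = "SMB1 access`n`nClient Address: 10.0.0.21" }
    [pscustomobject]@{ TimeCreated = [datetime]'2021-03-02T08:05:00'; Message = "SMB1 access`n`nClient Address: 10.0.0.57" }
)
$sample | Get-Smb1ClientSummary | Format-Table -AutoSize

# On the file server, in an elevated session, feed it the real log instead:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000 } |
#     Get-Smb1ClientSummary
# and confirm the server-side settings:
# Get-SmbServerConfiguration |
#     Select-Object EnableSMB1Protocol, AuditSmb1Access, RequireSecuritySignature
```

An empty result over a representative audit period (including month-end jobs, scanners and backup appliances) is the signal that SMBv1 can be removed without breaking a client.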

###### GPO TEMPLATE DOWNLOAD ######
Group Policy Settings for SMBv1 can be downloaded from
LINK: https://docs.microsoft.com/en-us/archive/blogs/secguide/security-baseline-for-windows-10-creators-update-v1703-final
Once you download “Windows 10 Version 1803 Security Baseline”, go into the Templates folder.
Copy the .admx files into C:\Windows\PolicyDefinitions
Copy the .adml files into C:\Windows\PolicyDefinitions\en-US

RESPONDER TOOL USED
https://github.com/lgandx/Responder

0:00 Intro Summary
0:41 Demo of SMB Message Signing Importance
1:22 SMB Signing Enabled Prevents connection
1:36 SMB Signing NOT Enabled Allows Connection
2:32 Why you should disable SMBv1
3:35 Enable Audit Logging of SMBv1 Connections
4:34 HOME USERS : Disable SMBv1
5:09 Download Group Policy ADMX Template for SMBv1
6:55 Group Policy Settings MSS Security Guide
7:36 Group Policy Settings Kerberos Policy
9:31 Group Policy Settings Security Options
13:44 Group Policy Settings Lanman Workstation
14:22 Group Policy Settings Network Provider
15:49 Prevent Users from Creating Network Shares to Share Files
16:30 Thank you for watching!
