Description of SMB signing in the Microsoft Network

The Server Message Block (SMB) protocol was developed jointly by Microsoft, IBM and Intel. SMB is used for providing and obtaining network file services, making it possible to copy files between networked computers. Security issues can arise if in a network with untrusted clients:
  • Man-in-the-middle attack: The Intruder setup a network sniffer and intercept the traffic sent when a user copies a file from one computer to another. To keep the Intruder from being able to convert the intercepted traffic to a file again, one uses Mutual Authentication.
  • Active Message attack: The Intruder replays intercepted traffic. To keep the Intruder from replaying the deletion of directory or similar, one uses Message Authentication.
SMB signing includes the security features Mutual Authentication and Message Authentication. Though when enabling SMB signing one is also adding an overhead that can decrease file transfer performance with 10-15%. Therefore if performance is critical and located in a trusted network, then one can consider to disable SMB signing.

Note when having SMB signing enabled, then it will also add extra security when sending username and password over the network for authentication. Therefore if turning off SMB signing then one should especially consider enforcing a higher password encryption level.

Related Configure SMB signing in Win9x
Related Configure SMB signing in WinNT+

Updated: 3 July 2008

Leave a Reply

Your email address will not be published. Required fields are marked *