Project

General

Profile

Feature #11033

It's time to require SMB signing by default

Added by Gordon Ross 3 months ago. Updated 3 months ago.

Status:
In Progress
Priority:
Normal
Assignee:
Category:
-
Start date:
2019-05-15
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage

Description

for historical reasons (compatibility with old clients)
our default setting for smb signing is "enabled".
It's time to change the default to "required".
An admin with ancient clients can always change it back to "enabled".

Note that SMB signing can have a significant performance impact. Administrators may want to change the "SMB signing" setting to "enabled" (as it was in earlier releases) if performance is greater concern than defense against "man in the middle" attacks.

History

#1

Updated by Gordon Ross 3 months ago

  • Status changed from New to In Progress
  • Description updated (diff)

Testing: verify SMB signing is required in new installations (examine network capture)

Also available in: Atom PDF