Differences

This shows you the differences between two versions of the page.

--- en:it-security:smb-hardening [2023/11/13 14:53] – created psycore
+++ en:it-security:smb-hardening [2024/02/05 08:34] (current) – old revision restored (2024/02/04 23:30) psycore
@@ Line 1: / Line 1: @@
+{{tag>english startpage it-security windows active-directory}}
 ====== SMB Hardening ======
 ===== Technical background to the SMB protocol =====
-[[wpde>Server Message Block]] is susceptible to NTLM relay attacks if packets are not signed. This [[it-security:glossary:m:man-in-the-middle|man-in-the-middle attack]] hijacks authentications between clients and servers. Authentication can be used to start a session on the server and steal data.
+[[wpde>Server Message Block]] is susceptible to NTLM relay attacks if packets are not signed. This [[wpde>Man-in-the-Middle-Angriff|man-in-the-middle attack]] hijacks authentications between clients and servers. Authentication can be used to start a session on the server and steal data.
 The SMB signing explicitly assigns each initiated session to the client. This means that it is still possible to hijack the authentication, but it is discarded as the session is not signed.
@@ Line 19: / Line 20: @@
 ===== Procedure =====
-  * Step 1 - Deactivate SMBv1
+<mermaid>
-  * Step 2 - Optionally enable SMB signing on the client side
+  flowchart
-  * Step 3 - Force SMB signing on the server side
+      Z[Flow]
+      A[Disable SMBv1]
+      B[SMB signing]
+      C(Client)
+      D(Server)
+      E(optional activation)
+      F(forced activation)
+      Z--Step 1-->A
+      Z-->B
+      B-->C
+      B-->D
+      C--Step 2-->E
+      D--Step 3-->F
+</mermaid>
 ==== Step 1 - Deactivate SMBv1 ====