OPS104: Securing SMB from within and without

This post has been republished via RSS; it originally appeared at: ITOps Talk Blog articles.

In this session, Ned Pyle discusses how widely the SMB protocol is used on Windows, Windows Server and in Microsoft Azure. Learn specific strategies to secure it from lateral movement and interception attacks.



Ned Pyle, Principal Program Manager



This session includes:

00:00 Introduction

02:32 SMB is everywhere

06:00 Distributed system defense is hard, not impossible

07:51 Interception defense

09:22 Paths to securing SMB

13:40 PATCH

14:30 No SMB1

19:03 No Guest Auth

21:03 No WebDAV

23:30 SMB over QUIC coming!

24:26 Limit outbound SMB

25:58 UNC Hardening

34:10 SMB 3.1.1

41:00 Encryption

44:46 No NTLM, Harden Kerberos

57:27 Movement defense

59:58 Block inbound edge

1:03:30 Inventory SMB

1:11:00 Firewall block and allow

1:16:39 Disable SMB Server

1:23:00 Final thoughts


Community Chat

Want to chat with others about this session? Come join us on Discord! https://aka.ms/ops104-chat


Learn more:

IT Ops Talks Hybrid Event: https://aka.ms/ITOpsTalks

IT Ops Talks Community Chat: https://aka.ms/OPS108-chat

About SMB over QUIC: https://aka.ms/SMBoverQUIC-Mar20Blog

SMB Interception Defense: https://aka.ms/smbinterceptiondefense

Beyond the Edge: How to Secure SMB Traffic in Windows: https://aka.ms/smbtrafficcontrol


Enjoyed the session? Please give us your feedback at https://aka.ms/ops104-feedback

To watch more sessions from the IT Ops Talks: All Things Hybrid event, check out https://aka.ms/ITOpsTalks

