Neurohazard
暮雲煙月,皓首窮經;森羅萬象,如是我聞。

【Nessus】SMB Signing not required

wpadmin~September 10, 2019 /InfoSec/System Management

【Nessus】SMB Signing not required

<!–more–>

漏洞细节

SMB Signing not required
https://www.tenable.com/plugins/nessus/57608

修复方案

以 Windows Server 2008 R2 为例

1 备份注册表 (选择 计算机/Computer 这个根目录 导出)
2 运行注册表编辑器 (regedt.msc/Regedt32.exe)
3 选择 HKEY_LOCAL_MACHINE 之后再选择 System\CurrentControlSet\Services\LanManServer\Paramete 等
4 在此配置项中添加 以下内容


Value Name: EnableSecuritySignature Data Type: REG_DWORD Data: 0 (disable), 1 (enable) NOTE: The default is 0 (disable) Name: RequireSecuritySignature Type: REG_DWORD Value: 0 (disable), 1 (enable) NOTE: The default is 0 (disable)

之后保存,重启主机即可。

参考资料

How to back up and restore the registry in Windows
https://support.microsoft.com/en-hk/help/322756/how-to-back-up-and-restore-the-registry-in-windows

How to enable SMB signing in Windows NT
https://support.microsoft.com/en-hk/help/161372/how-to-enable-smb-signing-in-windows-nt

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.