Posted by Roger on 19 May 2017, 10:12 pm
Long before WannaCry used a recently patched Microsoft vulnerability to exploit machines, the recommendation was to disable SMBv1.
Disabling old protocols isn’t sexy. You’re breaking things, and not introducing new features. You’re fixing theoretical future attacks. Perhaps the willingness to take on this challenge is a good measure of the maturity level of a security program. Are you sitting around waiting for an attack so you have the justification for making a change? Are you sitting around waiting for a vendor to do it for you? (“I didn’t want to disable SSL3, your default browser did that. Guess you need to update the server application.”) Disabling it before an attack or before a vendor disables it for you is a better idea. You can proceed at your own pace. You can do testing.
This doesn’t mean it’s an easy road. One of my security product vendors sent out an alert today warning customers that disabling SMBv1 will lead to an unspecified loss of functionality. This is the other problem. Security vendors are all too lax about security.
Leaving old protocols enabled exposes you to vulnerabilities. Frequently, even when newer versions of protocols are available, downgrade attacks force you to use the vulnerable protocol. Stay up to date on best practices. Be proactive about your company security rather than just being a seat filler waiting for the next emergency.
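One way to disable SMBv1 at your own pace with testing, as described above. This is an added PowerShell example, not code from the original post; it assumes an elevated session on a Windows file server whose SMB cmdlets expose `AuditSmb1Access`, and the stage names and 30-day window are illustrative choices.

```powershell
# Added example: staged SMBv1 retirement on one file server (run elevated).
# Audit -> turn on SMB1 access logging; Report -> list clients still using SMB1;
# Disable -> switch SMB1 off only if auditing was on and nothing used it.
param(
    [ValidateSet('Audit', 'Report', 'Disable')]
    [string]$Stage = 'Report',
    [int]$Days = 30    # assumed observation window, adjust to your change process
)

function Get-Smb1Client {
    param([int]$Days)
    # Event ID 3000 is logged here for SMB1 access while auditing is enabled.
    $filter = @{
        LogName   = 'Microsoft-Windows-SMBServer/Audit'
        Id        = 3000
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Assumption: the event message contains "Client Address: <addr>".
            if ($_.Message -match 'Client Address:\s*(\S+)') { $Matches[1] } else { 'unparsed' }
        } |
        Group-Object | Sort-Object Count -Descending |
        Select-Object @{ n = 'Client'; e = { $_.Name } }, Count
}

$cfg = Get-SmbServerConfiguration
switch ($Stage) {
    'Audit' {
        Set-SmbServerConfiguration -AuditSmb1Access $true -Force
        Write-Output "SMB1 auditing enabled; SMB1 currently enabled: $($cfg.EnableSMB1Protocol)"
    }
    'Report' {
        if (-not $cfg.AuditSmb1Access) { Write-Warning 'Auditing is off; results will be incomplete.' }
        Get-Smb1Client -Days $Days | Format-Table -AutoSize
    }
    'Disable' {
        # An empty report proves nothing unless auditing was actually running.
        if (-not $cfg.AuditSmb1Access) { throw 'Run the Audit stage and wait before disabling.' }
        $clients = @(Get-Smb1Client -Days $Days)
        if ($clients.Count -gt 0) {
            Write-Warning "$($clients.Count) client(s) still used SMB1 in the last $Days days:"
            $clients | Format-Table -AutoSize
            return
        }
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Write-Output 'SMB1 server support disabled.'
    }
}
```

The client list from the Report stage is the test plan: each address is a device or application to upgrade or retire before the Disable stage will proceed.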
All copyrights for this article are reserved to us-cert.gov