[Info-vax] SAMBA and Ransomeware
Scott Dorsey
kludge at panix.com
Sun Jul 16 15:26:13 EDT 2017
Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
>Ned Pile of the Microsoft SMB team has repeatedly stated that running
>SMB 1 is very bad, and needs to stop. Here's a longer write-up on that
>topic:
>
>https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
>
>Samba 3.6 and later support SMB 2 (from 2011) and Samba 4.3 added SMB
>3.1.1 (2015). The OpenVMS CIFS port is based on 3.0.28a. So...
>there's no way around using SMB 1 with the current Samba port.
This is true and unfortunate.
Some of the issue here is that the SMB protocol really wasn't designed for
security, and Microsoft over the years has tacked more and more stuff on it
to improve security and availability. We can expect that they will continue
to do this in the future.
This means that SMB is a moving target, and any attempt at supporting SMB
is going to require constant attention and a lot of updating. There is no
way around that I fear.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."
More information about the Info-vax
mailing list