New
#1
Need SMB V1 enabled for my NAS - Risks/workarounds?
I had to enable this for my old NAS to work. What are the security risks and is there another workaround that is safer?
win10 pro 19041.508
I had to enable this for my old NAS to work. What are the security risks and is there another workaround that is safer?
win10 pro 19041.508
The risks are discussed in several places
Enable or Disable SMB1 - TenForumsTutorials
Missing Network lists - smb1 can be okay behind the router firewall - Compumind - TenForums
SMB is Dead, Long Live SMB - Microsoft Tech Community
SMB is Dead, Long Live SMB - TenForums
Stop using SMB1 - Microsoft Tech Community
Happy reading,
Denis
Hi folks
@martik777
this whole thing - particularly on HOME Networks worrying about the security issues of using SMBV1 is totally overblown as are these days most security issues on Home machines (I exclude corporate, office, commercial web servers, public Forums, cloud servers, E-commerce sites such as Banking , shopping and whatever) from this as they DO have to worry extra about security for all sorts of reasons). Just keep Windows defender regularly updated -- then on a Home computer nothing to worry about - even if you use some of those sites that aren't "mentionable" on these Forums to get movies / TV stuff etc.
Most NAS systems operate on Unix / LINUX type OS's which are reasonably secure in the first place.
You are much more likely to get Scammed / defrauded by all sorts of well known scams --fake websites, "dubious tax refunds" etc etc than have your computer hacked these days --hacking ("Old school type") is so last century - who is bothered these days at trying to hack and old "Mom and Pop" home computer these days --no fun or skill in that required at all. --Scamming and making money is the C21 name of the game now.
Cheers
jimbo
If you were using Windows 10 home you would find SMB 1 enabled by default - so I conclude that Microsoft do not consider this a major risk for a home user.
"That is no longer correct. It changed a few Windows 10 Versions ago."
It was correct for me doing a clean install in January this year - so not more than 1 version (if any). Windows 10 pro did however change several versions ago.
I use a NAS box(2012) and SMB 1 is enabled both in Windows 10 and the NAS Box minimum is also SMB 1, max can be set up to SMB 3.
It works better when SMB 1 is enabled. I am well aware of the security risks.
SMB 1 is not enabled by default on Windows 10 Home for the most recent versions, forget when exactly that changed...
This is the relevant dialog on a computer that was delivered on 14th July 2020 with Windows 10 Home Version 1909 and that has not been set up at all. The only changes have been 2 CUs, Firefox, TV tuners, Acronis TI, WinZip, WavePad, MS Mouse without borders.
Ver 1709 was the first to have SMB disabled by default according to Enable or Disable SMB1 File Sharing Protocol - TenForumsTutorials
Denis
Hi folks
On Some later NAS systems that support >SMB1 - if file sharing is enabled by SAMBA you can try setting the following in the smb.conf file on the NAS in the [global] section : (file is usually) in the /etc/samba directory. This should be able to see if SMB3 or whatever works if you disable SMB1 on Windows --if it doesn't simply re-enable SMB1 on Windows.
min protocol = NT1
Restart the samba services on the NAS -- usually a command like sudo systemctl restart nmb(d) smb(d).
some NAS's have smb and nmb as the samba file sharing services others have smbd and nmbd.
then try disabling SMB1 on your Windows machine -- personally I wouldn't bother but there you are : !!!
If you also want connectivity to / from any XP machine (VM or real) you also need to add these 2 lines into the smb.conf file in the [global] section:
lanman auth=yes
ntlm auth=yes
(I'll expect more "self righteous horrors" from security admins for adding those lines into the smb.conf file).
Normally I respect I.T technicians but the whole A/V - Anti Virus and security industry is in mega "job preservation mode" when it comes to HOME systems.
WD together with the real time protection is based on the enterprise (and US Govt NSA approved) security system Ms is employing on it's AZURE CLOUD servers -- please don't even THINK of telling me that Home systems even need anything like that level of security !!!. Just be greatful that WD is as good as it is currently - and it IS !!!!!.
Cheers
jimbo