Blog Post

Storage at Microsoft
7 MIN READ

Stop using SMB1

NedPyle's avatar
NedPyle
Bronze Contributor
Apr 10, 2019
First published on TECHNET on Sep 16, 2016 Hi folks, Ned here again and today’s topic is short and sweet: Stop using SMB1. Stop using SMB1 . STOP USING SMB1! In September of 201...
Updated Sep 02, 2020
Version 10.0
smb 3 0
Moondoggie's avatar
Moondoggie
Copper Contributor
Jul 06, 2021

Hi @Ned Pyle! So I didn't have SMB1 enabled, but thank you for reminding me to turn off all sorts of other "features" I don't want on my windows box. What I don't get is why in the "Shared Folders / Shares" section of Computer Management I always see all my internal drives exposed / listed as C$, D$, and also there is IPC$ and ADMIN$.  Under the description it says "default share" - but I never enabled anything like that, and was sure to turn anything unnecessary off when hardening this system.  Are my drives really exposed to the open internet somehow by some other CIFS related protocol (or anything else) do you think?  Sorry for the newb question.. I'm much more comfortable with GNU/linux.

 

Oh yeah also if you are going to blame the California hippies for their laxity, you may as well blame the MIT and their exclusive mega-nerds too.  I mean MIT should take 1/3 of the blame for naive lack of sophistication, since they were 1 of the 3 nodes in the primordial internet. (AKA Arpanet).  The other two were indeed Californian hippies at UC Berkeley at a RAND Corp spinoff in LA.   The history of the internet is weird.  Not many people considered security an issue because for along time we considered Moscow much less sophisticated (eg no networking)- despite the fact they won the space race.

 

Then a man who is famous for attracting idiotic alt-right conspiracy theories to him (not Bill this time.. but George) built a data corridor between San Francisco and Moscow.  Here, if you want some funny history of the early internet (pasting from wikipedia):

 

At the time, Western users of https://en.wikipedia.org/wiki/Usenet were generally unaware of that, so one of them on April 1, 1984 made an "https://en.wikipedia.org/wiki/April_Fools%27_Day" hoax about "https://en.wikipedia.org/wiki/Kremvax" ("https://en.wikipedia.org/wiki/Kremlin https://en.wikipedia.org/wiki/VAX") that gained some popularity for subsequent years.  It was funny because the notion that Usenet might ever penetrate the https://en.wikipedia.org/wiki/Iron_Curtain seemed so totally absurd at the time. The thing is, there was still no need for security then because no top secret data moved over usenet, or even arpanet.  

 

Six years later Usenet was joined by https://en.wikipedia.org/wiki/DEMOS_(ISP), the first genuine site based in https://en.wikipedia.org/wiki/Moscow. Some readers needed convincing that the postings from it were not just another prank. The senior programmer at Demos and the major poster from there until mid-1991, was quite aware of all this, and referred to it frequently in his own postings. Antonov later arranged to have the domain's gateway site named kremvax.demos.su, turning fiction into truth and, according to one account, "demonstrating that the hackish sense of humor transcends cultural barriers".   😃