In this session, Ned Pyle discusses how widely the SMB protocol is used on Windows, Windows Server and in Microsoft Azure. Learn specific strategies to secure it from lateral movement and interception attacks.
Speaker:
Ned Pyle, Principal Program Manager
00:00 Introduction
02:32 SMB is everywhere
06:00 Distributed system defense is hard, not impossible
07:51 Interception defense
09:22 Paths to securing SMB
13:40 PATCH
14:30 No SMB1
19:03 No Guest Auth
21:03 No WebDAV
23:30 SMB over QUIC coming!
24:26 Limit outbound SMB
25:58 UNC Hardening
34:10 SMB 3.1.1
41:00 Encryption
44:46 No NTLM, Harden Kerberos
57:27 Movement defense
59:58 Block inbound edge
1:03:30 Inventory SMB
1:11:00 Firewall block and allow
1:16:39 Disable SMB Server
1:23:00 Final thoughts
Want to chat with others about this session? Come join us on Discord! https://aka.ms/ops104-chat
IT Ops Talks Hybrid Event: https://aka.ms/ITOpsTalks
IT Ops Talks Community Chat: https://aka.ms/OPS108-chat
About SMB over QUIC: https://aka.ms/SMBoverQUIC-Mar20Blog
SMB Interception Defense: https://aka.ms/smbinterceptiondefense
Beyond the Edge: How to Secure SMB Traffic in Windows: https://aka.ms/smbtrafficcontrol
Enjoyed the session? Please give us your feedback at https://aka.ms/ops104-feedback
To watch more sessions from the IT Ops Talks: All Things Hybrid event check out https://aka.ms/ITOpsTalks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.