OPS104: Securing SMB from within and without
Published Feb 02 2021 08:30 AM 4,580 Views

In this session, Ned Pyle discusses how widely the SMB protocol is used on Windows, Windows Server and in Microsoft Azure. Learn specific strategies to secure it from lateral movement and interception attacks.



Ned Pyle, Principal Program Manager



This session includes:

00:00 Introduction

02:32 SMB is everywhere

06:00 Distributed system defense is hard, not impossible

07:51 Interception defense

09:22 Paths to securing SMB

13:40 PATCH

14:30 No SMB1

19:03 No Guest Auth

21:03 No WebDAV

23:30 SMB over QUIC coming!

24:26 Limit outbound SMB

25:58 UNC Hardening

34:10 SMB 3.1.1

41:00 Encryption

44:46 No NTLM, Harden Kerberos

57:27 Movement defense

59:58 Block inbound edge

1:03:30 Inventory SMB

1:11:00 Firewall block and allow

1:16:39 Disable SMB Server

1:23:00 Final thoughts


Community Chat

Want to chat with others about this session? Come join us on Discord! https://aka.ms/ops104-chat


Learn more:

IT Ops Talks Hybrid Event: https://aka.ms/ITOpsTalks

IT Ops Talks Community Chat: https://aka.ms/OPS108-chat

About SMB over QUIC: https://aka.ms/SMBoverQUIC-Mar20Blog

SMB Interception Defense: https://aka.ms/smbinterceptiondefense

Beyond the Edge: How to Secure SMB Traffic in Windows: https://aka.ms/smbtrafficcontrol


Enjoyed the session? Please give us your feedback at https://aka.ms/ops104-feedback

To watch more sessions from the IT Ops Talks: All Things Hybrid event check out https://aka.ms/ITOpsTalks

Version history
Last update:
‎May 14 2021 11:08 AM
Updated by: