OPS104: Securing SMB from within and without

Published Feb 02 2021 08:30 AM 3,044 Views
Microsoft

In this session, Ned Pyle discusses how widely the SMB protocol is used on Windows, Windows Server and in Microsoft Azure. Learn specific strategies to secure it from lateral movement and interception attacks.

 

Speaker:

Ned Pyle, Principal Program Manager

 

 

This session includes:

00:00 Introduction

02:32 SMB is everywhere

06:00 Distributed system defense is hard, not impossible

07:51 Interception defense

09:22 Paths to securing SMB

13:40 PATCH

14:30 No SMB1

19:03 No Guest Auth

21:03 No WebDAV

23:30 SMB over QUIC coming!

24:26 Limit outbound SMB

25:58 UNC Hardening

34:10 SMB 3.1.1

41:00 Encryption

44:46 No NTLM, Harden Kerberos

57:27 Movement defense

59:58 Block inbound edge

1:03:30 Inventory SMB

1:11:00 Firewall block and allow

1:16:39 Disable SMB Server

1:23:00 Final thoughts

 

Community Chat

Want to chat with others about this session? Come join us on Discord! https://aka.ms/ops104-chat

 

Learn more:

IT Ops Talks Hybrid Event: https://aka.ms/ITOpsTalks

IT Ops Talks Community Chat: https://aka.ms/OPS108-chat

About SMB over QUIC: https://aka.ms/SMBoverQUIC-Mar20Blog

SMB Interception Defense: https://aka.ms/smbinterceptiondefense

Beyond the Edge: How to Secure SMB Traffic in Windows: https://aka.ms/smbtrafficcontrol

 

Enjoyed the session? Please give us your feedback at https://aka.ms/ops104-feedback

To watch more sessions from the IT Ops Talks: All Things Hybrid event check out https://aka.ms/ITOpsTalks

 
Co-Authors
Version history
Last update:
‎May 14 2021 11:08 AM
Updated by: