Server Message Blocking Signing (SMB) Required for DCS to Function
search cancel

Server Message Blocking Signing (SMB) Required for DCS to Function

book

Article ID: 173268

calendar_today

Updated On:

Products

Data Center Security Server Advanced

Issue/Introduction

Occasionally security auditing companies may scan for vulnerabilities on your entire business infrastructure with your approval 

There may be reports that SMB Signing is either:

  • Enabled
  • Disabled

This applied directly on your DCS Manager in a Windows Server environment. Some companies may even recommend that you enable SMB to ensure packets are sent and received from trusted sources. This begs the question, "Is SMB required for DCS to function?"

Environment

Windows Family Products include:

  • Windows 2000
  • Windows Server 2008
  • Windows Vista SP1
  • Windows Server 2008 R2
  • Windows 7
  • Windows Server 2012
  • Windows 8
  • Windows 10

To identify if SMB signing is included and what versions it is:

  1. Open PowerShell as Administrator
  2. Type Get-SmbConnection

Cause

Windows Server either has SMB Enabled or Disabled.

Resolution

Rather than target SMB directly, we recommend:

  • Upgrading to the latest version of DCS

If you are unable to upgrade DCS to ensure greater security measures, you may also Enable or Disable SMB Signing on the DCS Manager in question, which will not impact communication between Agents and the DCS Manager:

Note: This will impact other timestamps and verification of communication regarding non-repudiation between the Server and between other applications. Consult with your Network and Security Administrator to decide if this option is right for you.

  1. On the Windows Server/Manager in question, click on Start (Windows Key)
  2. Type "Local Security Policy"
  3. Expand Local Policies > Security Options
  4. Locate "Microsoft network server: Digitally sign communications (always)"
  5. Here you may Enable or Disable SMB