Server Message Blocking Signing (SMB) Required for DCS to Function
Last Updated February 07, 2019
Occasionally security auditing companies may scan for vulnerabilities on your entire business infrastructure with your approval (Vulnerability Scanning; Nessus for example is a common Vulnerability Scanner used by auditing companies). There may be reports that SMB Signing is either:
This applied directly on your DCS Manager in a Windows Server environment. Some companies may even recommend that you enable SMB to ensure packets are sent and received from trusted sources. This begs the question, "Is SMB required for DCS to function?"
Windows Family Products include:
Windows Server 2008
Windows Vista SP1
Windows Server 2008 R2
Windows Server 2012
To identify if SMB signing is included and what versions it is:
Open PowerShell as Administrator
Windows Server either has SMB Enabled or Disabled.
Rather than target SMB directly, we recommend:
Upgrading to the latest version of DCS
If you are unable to upgrade DCS to ensure greater security measures, you may also Enable or Disable SMB Signing on the DCS Manager in question, which will not affect communication between Agents and the DCS Manager:
Note: This will affect other timestamps and verification of communication regarding non-repudiation between the Server and between other applications, such as Samba. Consult with your Network and Security Administrator to decide if this option is right for you.
On the Windows Server/Manager in question, click on Start (Windows Key)