扫描报告中SMB漏洞的处理
enli 2008-04-18 05:30:36 老外给的一个服务器安全扫描报告,其中一个威胁如下:
Disabled SMB Signing
QID: 90043
Category: Windows
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Modified: 12/03/2007
Edited: No
Scan Results page 5
THREAT:
This host does not seem to be using SMB (Server Message Block) signing.
SMB signing adds security to a network using NetBIOS, avoiding man-in-the-middle attacks.
IMPACT:
Unauthorized users sniffing the network could catch many challege/response exchanges and replay the whole thing to grab particular session keys, and then
authenticate on the Domain Controller.
SOLUTION:
Workaround:
Please refer to Microsoft's article - 887429 (http://support.microsoft.com/?kbid=887429) for information on enabling SMB signing.
COMPLIANCE:
Not Applicable
RESULTS:
No results
求高手讲解一下,这里的SMB是不是要按照MSDN里面的修改就可以了?它的意思是不是开启签名?