Microsoft has published a guide to enabling and disabling the Server Message Block (SMB) protocol. The vulnerability in SMB was exploited by ransomware to attack many computers in different parts of the world. An example of such a virus is Petya.
The article describes how to enable and disable Server Message Block version 1 (SMBv1), SMB version 2 (SMBv2) and SMB version 3 (SMBv3) on the SMB client and server components. Note that the authors do not recommend disabling SMBv2 or SMBv3. Disable SMBv2 or SMBv3 only as a temporary troubleshooting step. Do not leave SMBv2 or SMBv3 disabled.
In Windows 7 and Windows Server 2008 R2, disabling SMBv2 deactivates the following functionality:
1. Improved message signing – HMAC SHA-256 replaces MD5 as the hashing algorithm;
2. Improved energy efficiency – clients that have open files to a server can sleep;
3. Large MTU support – for full use of 10-gigabyte (GB) Ethernet.
At the same time, disabling SMBv3 deactivates the following functions:
1. Multichannel – aggregation of network bandwidth and fault tolerance if multiple paths are available between client and server;
2. Encryption – provides end-to-end encryption and protects from eavesdropping on untrustworthy networks;
3. SMB Direct – adds RDMA networking support for very high performance, with low latency and low CPU utilization.
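
As an added example (not taken from the Microsoft guide or from this article), the following PowerShell reports which SMB server protocols are enabled and re-enables SMBv2/SMBv3 if it was left disabled after troubleshooting; disabling SMBv1 is optional behind a switch. The function names are made up for this example, and it assumes the `Get-SmbServerConfiguration` cmdlets on Windows 8 / Windows Server 2012 and later and the `LanmanServer\Parameters` registry values on Windows 7 / Windows Server 2008 R2.

```powershell
# Added example; run from an elevated PowerShell prompt.
# Get-SmbProtocolState and Repair-SmbProtocolState are names made up for this example.
$LanmanKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-SmbProtocolState {
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later: SMBv2 and SMBv3 share one setting.
        $cfg = Get-SmbServerConfiguration
        return [pscustomobject]@{
            Source = 'Cmdlet'
            SMB1   = [bool]$cfg.EnableSMB1Protocol
            SMB2_3 = [bool]$cfg.EnableSMB2Protocol
        }
    }
    # Windows 7 / Server 2008 R2: registry values; a missing value means enabled.
    $props = (Get-ItemProperty -Path $LanmanKey).PSObject.Properties
    [pscustomobject]@{
        Source = 'Registry'
        SMB1   = (-not $props['SMB1']) -or ($props['SMB1'].Value -ne 0)
        SMB2_3 = (-not $props['SMB2']) -or ($props['SMB2'].Value -ne 0)
    }
}

function Repair-SmbProtocolState {
    param([switch]$DisableSmb1)
    $state = Get-SmbProtocolState
    if (-not $state.SMB2_3) {
        # SMBv2/SMBv3 should not stay disabled after troubleshooting.
        Write-Warning 'SMBv2/SMBv3 is disabled; re-enabling it.'
        if ($state.Source -eq 'Cmdlet') {
            Set-SmbServerConfiguration -EnableSMB2Protocol $true -Force
        } else {
            Set-ItemProperty -Path $LanmanKey -Name SMB2 -Type DWord -Value 1
        }
    }
    if ($DisableSmb1 -and $state.SMB1) {
        if ($state.Source -eq 'Cmdlet') {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        } else {
            Set-ItemProperty -Path $LanmanKey -Name SMB1 -Type DWord -Value 0
        }
    }
    Get-SmbProtocolState   # registry changes need a restart to take effect
}

Get-SmbProtocolState | Format-List
```

Run `Repair-SmbProtocolState -DisableSmb1` to apply the changes; without the switch it only restores SMBv2/SMBv3 and reports the resulting state.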