Information
File sharing from a user workstation creates additional risks, such as:
- Open ports are created that can be probed and attacked
- Passwords are attached to user accounts for access that may be exposed and endanger other parts of the organizational environment, including directory accounts
- Increased complexity makes security more difficult and may expose additional attack vectors
Apple's File Sharing uses the Server Message Block (SMB) protocol to share to other computers that can mount SMB shares. This includes other macOS computers.
Apple warns that SMB sharing with stored passwords is less secure, and that anyone with system access can gain access to the password for that account. When sharing with SMB, each user accessing the Mac must have SMB enabled. Storing passwords, especially copies of valid directory passwords, decreases security for the directory account and should not be done.
By disabling File Sharing, the remote attack surface and the risk of unauthorized access to files stored on the system are reduced.
Solution
Graphical Method:
Perform the following steps to disable File Sharing:
- Open System Settings
- Select General
- Select Sharing
- Set File Sharing to disabled
Terminal Method:
Run the following commands to disable File Sharing:
% /usr/bin/sudo /bin/launchctl disable system/com.apple.smbd
% /usr/bin/sudo /bin/launchctl bootout system/com.apple.smbd
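To confirm the remediation took effect, the check below (an added example, not part of the benchmark text) parses the output of `launchctl print-disabled system` and `launchctl list`: `disable` sets the persistent override and `bootout` unloads the running service, so both conditions must hold. The function names and sample output are constructed for illustration, and the two output formats handled are assumptions based on recent and older macOS releases.

```shell
#!/bin/sh
# Added example (not from the benchmark): verify both halves of the remediation.
LABEL="com.apple.smbd"

# Print "disabled", "enabled" or "unset" from `launchctl print-disabled system` text.
# Assumed formats: `=> disabled` / `=> enabled` (recent), `=> true` / `=> false` (older).
smbd_override() {
    printf '%s\n' "$1" | awk -v label="$LABEL" '
        { name = $1; gsub(/"/, "", name) }
        name == label && $2 == "=>" {
            state = ($3 == "disabled" || $3 == "true") ? "disabled" : "enabled"
        }
        END { print (state == "" ? "unset" : state) }'
}

# Print "yes" if the label appears in `launchctl list` text (PID, status, label columns).
smbd_loaded() {
    printf '%s\n' "$1" | awk -v label="$LABEL" '
        $3 == label { found = 1 }
        END { print (found ? "yes" : "no") }'
}

# $1 = print-disabled output, $2 = list output.
file_sharing_verdict() {
    override=$(smbd_override "$1")
    loaded=$(smbd_loaded "$2")
    if [ "$override" = "disabled" ] && [ "$loaded" = "no" ]; then
        echo "PASS"
    else
        echo "FAIL override=$override loaded=$loaded"
    fi
}

# Constructed sample output, for exercising the functions off a Mac.
SAMPLE_DISABLED='disabled services = {
	"com.apple.smbd" => disabled
}'
SAMPLE_ENABLED='disabled services = {
	"com.apple.smbd" => enabled
}'
SAMPLE_LIST_RUNNING='PID	Status	Label
412	0	com.apple.smbd'
SAMPLE_LIST_CLEAN='PID	Status	Label
-	0	com.openssh.sshd'

# On a Mac, evaluate the live system.
if [ -x /bin/launchctl ]; then
    file_sharing_verdict "$(/usr/bin/sudo /bin/launchctl print-disabled system)" \
                         "$(/usr/bin/sudo /bin/launchctl list)"
fi
```

A `FAIL` with `override=disabled loaded=yes` means only the `disable` command was run and the service is still active until `bootout` or a reboot.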
Impact:
File Sharing can be used to share documents with other users, but hardened servers should be used rather than user endpoints. Turning on File Sharing increases the visibility and attack surface of a system unnecessarily.
Item Details
Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
References: 800-53|AC-6(2), 800-53|AC-6(5), 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|4.3, CSCv7|5.1, CSCv7|9.2
Control ID: a258ee2375a9bedac06e96781e5f84ee7db344ff702fb00ec7c3e4a412b420e1