WN12-SO-000033 - The Windows SMB server must perform SMB packet signing when possible.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

The server message block (SMB) protocol provides the basis for many network operations. Digitally signed SMB packets aid in preventing man-in-the-middle attacks. If this policy is enabled, the SMB server will negotiate SMB packet signing as requested by the client.

Solution

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> 'Microsoft network server: Digitally sign communications (if client agrees)' to 'Enabled'.
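
One way to check the setting locally, and optionally correct it, is shown below. This is an added example, not part of the STIG or the audit file. The function name `Test-SmbServerSigningIfClientAgrees` is hypothetical, and the example assumes the policy is backed by the `EnableSecuritySignature` DWORD under the LanManServer `Parameters` registry key.

```powershell
# Added example: local check for WN12-SO-000033.
# Assumption: 'Microsoft network server: Digitally sign communications
# (if client agrees)' maps to EnableSecuritySignature (REG_DWORD, 1 = Enabled).
function Test-SmbServerSigningIfClientAgrees {
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters',
        [string]$Name = 'EnableSecuritySignature',
        [switch]$Remediate   # write the compliant value if the check fails
    )

    # Returns the DWORD as an int, or $null when the value is absent.
    $read = {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { $null } else { [int]$item.$Name }
    }

    $before = & $read
    $actual = $before

    # A missing value is treated as a finding, the same as 0.
    if ($actual -ne 1 -and $Remediate) {
        Set-ItemProperty -Path $Path -Name $Name -Value 1 -Type DWord
        $actual = & $read
    }

    [pscustomobject]@{
        StigId     = 'WN12-SO-000033'
        Value      = "$Path\$Name"
        Expected   = 1
        Before     = if ($null -eq $before) { '<not set>' } else { $before }
        Actual     = if ($null -eq $actual) { '<not set>' } else { $actual }
        Compliant  = ($actual -eq 1)
        Remediated = ($before -ne 1 -and $actual -eq 1)
    }
}

# Report only (no changes):
Test-SmbServerSigningIfClientAgrees

# Report and fix; requires an elevated session:
# Test-SmbServerSigningIfClientAgrees -Remediate
```

A registry change made this way is overwritten at the next policy refresh if a domain GPO defines the setting differently, so the durable fix is the policy value given above.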

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_DC_V3R5_STIG.zip

Item Details

References: CAT|II, CCI|CCI-002418, CCI|CCI-002421, Rule-ID|SV-226298r852142_rule, STIG-ID|WN12-SO-000033, STIG-Legacy|SV-52870, STIG-Legacy|V-1162, Vuln-ID|V-226298

Plugin: Windows

Control ID: 356827a46d3294ca80c28c64342041f5b8dcd9422cc156dcdd1f6ab9d008aee5