Desabilitando o SMB Inteiramente em PCs que não são do domínio

0

Em um ambiente com PCs sem conectividade de domínio, em que a única conectividade de rede é possível com uma impressora em rede, quais são as implicações de desativar totalmente o SMB? Imagine uma biblioteca local, onde há (5) PCs e uma impressora na mesma sub-rede. O SMB não deve ser necessário e apenas apresenta um problema de segurança. Pode ser desativado com segurança (v1, v2 e v3) sem problemas?

    
por Beems 06.06.2017 / 15:18

1 resposta

0

In an environment with PCs that have no domain connectivity where the only network connectivity is possibly to a networked printer, what are the implications of disabling SMB entirely?

Com base nas informações fornecidas pelo artigo, não parece que a desativação do SMB o impediria de usar uma impressora de rede.

Can it be safely disabled (v1, v2, and v3) without problems?

É muito mais fácil citar quais recursos são desativados se você desabilitar SMBv1, SMBv2 e SMBv3.

In Windows 7 and Windows Server 2008 R2, disabling SMBv2 deactivates the following functionality:

  • Request compounding - allows for sending multiple SMB 2 requests as a single network request
  • Larger reads and writes - better use of faster networks
  • Caching of folder and file properties - clients keep local copies of folders and files
  • Durable handles - allow for connection to transparently reconnect to the server if there is a temporary disconnection
  • Improved message signing - HMAC SHA-256 replaces MD5 as hashing algorithm
  • Improved scalability for file sharing - number of users, shares, and open files per server greatly increased
  • Support for symbolic links
  • Client oplock leasing model - limits the data transferred between the client and server, improving performance on high-latency networks and increasing SMB server scalability
  • Large MTU support - for full use of 10-gigabye (GB) Ethernet
  • Improved energy efficiency - clients that have open files to a server can sleep

Além disso,

In Windows 8, Windows 8.1, Windows 10, Windows Server 2012, and Windows Server 2016, disabling SMBv3 deactivates the following functionality (and also the SMBv2 functionality that's described in the previous list):

  • Transparent Failover - clients reconnect without interruption to cluster nodes during maintenance or failover
  • Scale Out – concurrent access to shared data on all file cluster nodes
  • Multichannel - aggregation of network bandwidth and fault tolerance if multiple paths are available between client and server
  • SMB Direct – adds RDMA networking support for very high performance, with low latency and low CPU utilization
  • Encryption – Provides end-to-end encryption and protects from eavesdropping on untrustworthy networks
  • Directory Leasing - Improves application response times in branch offices through caching
  • Performance Optimizations - optimizations for small random read/write I/O

Como habilitar e desabilitar SMBv1, SMBv2 e SMBv3 no Windows e no Windows Server

    
por 06.06.2017 / 15:35