OPS104 Securing SMB from within and without


In this session, Ned Pyle discuss how widely the SMB protocol is used on Windows, Windows Server and in Microsoft Azure. Learn specific strategies to secure it from lateral movement and interception attacks.

IT Ops Talks Hybrid Event: https://aka.ms/ITOpsTalks​
IT Ops Talks Community Chat: https://aka.ms/OPS104-chat​
About SMB over QUIC: https://aka.ms/SMBoverQUIC-Mar20Blog​
SMB Interception Defense: https://aka.ms/smbinterceptiondefense​
Beyond the Edge: How to Secure SMB Traffic in Windows: https://aka.ms/smbtrafficcontrol​

To watch more sessions from the IT Ops Talks: All Things Hybrid event check out our playlist: https://www.youtube.com/playlist?list...​

00:00​ Introduction
02:32​ SMB is everywhere
06:00​ Distributed system defense is hard, not impossible
07:51​ Interception defense
09:22​ Paths to securing SMB
13:40​ PATCH
14:30​ No SMB1
19:03​ No Guest Auth
21:03​ No WebDAV
23:30​ SMB over QUIC coming!
24:26​ Limit outbound SMB
25:58​ UNC Hardening
34:10​ SMB 3.1.1
41:00​ Encryption
44:46​ No NTLM, Harden Kerberos
57:27​ Movement defense
59:58​ Block inbound edge
1:03:30​ Inventory SMB
1:11:00​ Firewall block and allow
1:16:39​ Disable SMB Server
1:23:00​ Final thoughts

0 Replies

Session Resources