Audit host_info

Executing an audit of host_info will report if the host supports SMBv1, and if SMB signing is required.

Why Should I Harden This?

• SMBv1 has been deprecated by Microsoft, and does not implement the security features that further versions do. See the article Stop using SMB1.

• SMB signing ensures that the message has not been tampered with, and therefore is successful against the infamous NTLM relay attack through SMB.

How To Harden

SMBv1

• Stop using SMB1.
• How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows.

SMB signing:

• Configure SMB Signing with Confidence.
• Overview of Server Message Block signing.
• Microsoft network server: Digitally sign communications (always).