Author Topic: Question on SMB1 Network Protocol  (Read 1294 times)

0 Members and 1 Guest are viewing this topic.

Offline Homer J Simpson

  • Super Contributor
  • ***
  • Posts: 1123
  • Country: us
Question on SMB1 Network Protocol
« on: September 27, 2018, 11:00:45 pm »

This is not something I am that knowledgeable about. Advice and recommendations needed.

I have a Thecus N5200 NAS.

Windows creator update disables SMB1 by default and only allows later versions. States SMB1 is outdated and a security risk.

This NAS only supports SMB1 and was no longer accessible with SMB1 disabled.

I figured out out to re enable SMB1 through >control panel>programs and features>turn windows features on and off.

I am protected by the windows 10 firewall and by my wireless router, WRT3200ACM.

How big of a risk is this having this enabled for a home network if any?

-K



 
 

Offline tsman

  • Frequent Contributor
  • **
  • Posts: 595
  • Country: gb
Re: Question on SMB1 Network Protocol
« Reply #1 on: September 27, 2018, 11:10:48 pm »
Whilst SMB1 is terrible for security + obsolete, if you're just using it on your local network and not connecting to any potentially malicious networks whilst away from home then you're fine to reenable it. It is more of an issue for networks which you don't trust as somebody could interfere or snoop on your SMB1 connections and force your SMB2/3 connections to downgrade to SMB1.
 

Offline Leiothrix

  • Regular Contributor
  • *
  • Posts: 100
  • Country: au
Re: Question on SMB1 Network Protocol
« Reply #2 on: September 27, 2018, 11:39:59 pm »
For a home network no big deal,  presumably you control everything plugged into your own network.

Terrible idea for a corporate network though.
 

Offline Homer J Simpson

  • Super Contributor
  • ***
  • Posts: 1123
  • Country: us
Re: Question on SMB1 Network Protocol
« Reply #3 on: September 27, 2018, 11:41:15 pm »
Ok thanks. That is pretty much what I thought.

I understand its outdated and the improvements SMB3 offers but I did not not want to toss the NAS over this.

When you Google this you get 50% its's the end of the world and the other 50% it is no big deal for a home network.

_k


 

Online NiHaoMike

  • Super Contributor
  • ***
  • Posts: 6541
  • Country: us
  • "Don't turn it on - Take it apart!"
    • Facebook Page
Re: Question on SMB1 Network Protocol
« Reply #4 on: September 28, 2018, 01:43:18 am »
That NAS seems to be PC based, could it be possible to replace the stock firmware with FreeNAS?
Cryptocurrency has taught me to love math and at the same time be baffled by it.

Cryptocurrency lesson 0: Altcoins and Bitcoin are not the same thing.
 

Offline onesixright

  • Frequent Contributor
  • **
  • Posts: 599
  • Country: nl
Re: Question on SMB1 Network Protocol
« Reply #5 on: September 28, 2018, 06:52:19 am »
I wouldn’t say its not a big deal. Of course it is, anyone saying its not, don’r what they talk about. L They underestimate the potential dangers.

I think its only no big deal, if you have nothing worth protecting. But if that would be the case, you probably wouldn’t have asked?

How many devices are in your network?
What type of devices ( do they have access to Internet)?
Do you have  WIFI?
Who has access to it? (Physical and Wireless)
What password policy do you use?
What area do you live?

Many factors determine the actual risks.

If your computer has 2 nics, you could use one NIC dedicated for your NAS. This mostly eliminates access vectors from other devices. Make sure your windows computer is well protected. Don’t let your everyday user be the administrator (create separate user for that). 







Sent from my X using Tapatalk
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 4071
  • Country: au
Re: Question on SMB1 Network Protocol
« Reply #6 on: September 28, 2018, 09:24:06 am »
I wouldn’t say its not a big deal. Of course it is, anyone saying its not, don’r what they talk about. L They underestimate the potential dangers.

I completely understand your point and agree with you for the most part.

SMB1 has some serious vulnerabilities, no disputing that. But for your average home user who doesn't have a good understanding of networking, I think the risk is negligible enough not to really worry about it if precautions are taken. This means, controlling who has physical access to your network (and I include Wi-Fi in that), employ appropriate anti-virus software on ALL your machines, tablets and smartphones, don't open or click on untrusted links and have a decent backup routine. Of course even this doesn't completely negate the risk.

However, if none of your devices need SMB1 support to operate, then I'd be taking steps to move away from it completely. There is no reason to be running obsolete or redundant protocols if you don't need them.

As NiHaoMike already mentioned, I'd be suggesting the OP look at options to upgrade his existing NAS appliance and FreeNAS is an excellent, free alternative which isn't too difficult to set up as long as you have compatible hardware.
 

Offline Ampera

  • Super Contributor
  • ***
  • Posts: 2567
  • Country: us
    • Ampera's Forums
Re: Question on SMB1 Network Protocol
« Reply #7 on: September 28, 2018, 10:35:31 am »
There is a very big difference between the stuff I would put on my own secured home network, and what I would decide to use in a public or production environment. SMB1 doesn't call your neighbor and present itself as a security hole, not that I know of anyways, so go right ahead.

If the NAS is just a PC, I'd put FreeBSD on it (or FreeNAS if you don't want all the bother of tinkering with FreeBSD) and use something other than SMB entirely, as I am just about sick of having to use the damn protocol. Support for it, in my experience, has always been a clusterfuck on anything that's not Windows, and still a pain in the ass on Windows, especially as compared to FTP, or just about anything else.

I've spent damn hours trying to even connect to an SMB share on BSD and Linux, never mind mount it and use it as a mapped network drive, where FTP usually worked out of the box and with little bother.

Maybe even NFS is another nice option, I've never used it personally, but it would have to turn the NIC into hot molten slag in order to be worse than SMB.
Professional complainer-in-chief criticizing other people's code
Programmer and bumbling Unix fool
Op @ EEVBlog IRC: irc.austnet.irc #eevblog
 

Offline Homer J Simpson

  • Super Contributor
  • ***
  • Posts: 1123
  • Country: us
Re: Question on SMB1 Network Protocol
« Reply #8 on: September 28, 2018, 01:10:49 pm »
Thanks for all of the responses.

I have gone back and disabled SMB 1 for now until I have a better understanding the risks.

No devices other than mine would physically connect to my network.

Only my wireless devices and those of family members would be connected.

I am not into the "IoT" craze but I do have a Honneywell wireless thermostat and a Fitbit scale and tracker that are connected.

Those devices concern me, again I not an expert in networking. Are those devices, from "trusted" manufactures a risk. Dose SMB3 minimize that risk?

I have considered setting up an older router isolated from my main network just for those devices.

The N5200 NAS has the OS installed on a ROM daughter card - most likely not possible to upgrade or more trouble than its worth.

How about NFS? I read briefly on this. Most comments were that it sacrifices a lot of speed.

-K


« Last Edit: September 28, 2018, 01:19:21 pm by Homer J Simpson »
 

Online NiHaoMike

  • Super Contributor
  • ***
  • Posts: 6541
  • Country: us
  • "Don't turn it on - Take it apart!"
    • Facebook Page
Re: Question on SMB1 Network Protocol
« Reply #9 on: September 28, 2018, 01:26:10 pm »
NFS is actually faster than SMB.
Cryptocurrency has taught me to love math and at the same time be baffled by it.

Cryptocurrency lesson 0: Altcoins and Bitcoin are not the same thing.
 

Offline Homer J Simpson

  • Super Contributor
  • ***
  • Posts: 1123
  • Country: us
Re: Question on SMB1 Network Protocol
« Reply #10 on: September 28, 2018, 01:36:49 pm »


So would switching to NFS mute the whole issue?
 

Offline Ampera

  • Super Contributor
  • ***
  • Posts: 2567
  • Country: us
    • Ampera's Forums
Re: Question on SMB1 Network Protocol
« Reply #11 on: September 28, 2018, 05:13:13 pm »
As said, if it's PC based, stick just another OS on, FreeBSD is my choice, but there's a big load of options you can pick, and I would use either FTP or NFS. I've never used the latter, but I've heard good things. There should also be NFS mounting support in Windows, I believe.
Professional complainer-in-chief criticizing other people's code
Programmer and bumbling Unix fool
Op @ EEVBlog IRC: irc.austnet.irc #eevblog
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 4071
  • Country: au
Re: Question on SMB1 Network Protocol
« Reply #12 on: September 29, 2018, 01:24:38 am »
So would switching to NFS mute the whole issue?

It would, yes, if you disable Samba services. But if you're primarily using Windows clients, NFS can be a pain.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf