Webcast: Disabling SMBv1 - Pros & Cons

4/26/2018 3334 Contributors

Click here for a short tutorial video.

What is SMB? 1:17

Look at what kind of traffic is running on your network: 4:04

Using Wireshark: 4:58

Question: Would it be more advisable to remove SMBv1 only items from the network? History has proven old technology to be exploited more than once on several occasions: 8:12

Showing an SMBv1 Packet. What does it look like in Wireshark? 9:50

How to identify your exploited areas: 11:20

How to determine if you need to repair your WMI: 12:46

Question: Any other older technologies besides SMBv1 we should scan for with Inventory or patch with PDQ that can be exploited similar to the SMBv1 exploit? 13:56

Question: Instead of disabling SMBv1, is there a way to force v1.0 protocol to communicate over version 2.0 and above? 16:54

Katie’s package of destruction: 18:31

Question: Can we use Inventory to easily find any machines that have SMBv1, or will I need to check with Wireshark only? 24:21

Question: If it says SMB in the filter but then says dialect SMB 2.02 does that mean that “we” tried to negotiate SMBv1 but got bumped up to 2? 28:26