US-Cert recommends disabling SMB1
Steve French
smfrench at gmail.com
Tue Jan 17 19:06:30 UTC 2017
No surprise that we should disable cifs ... now our challenge
1) make SMB3 (linux kernel implementation clearly) better than cifs including
- the POSIX/Unix Extensions, which we were close to agreement on ...
- compounding (open/query/close)
- some minor feature finishup (xattrs and acls eg)
Although in most ways SMB3 is already better
2) finishup key security features
- Pavel's encryption patches need more review ASAP (he has a
github branch for these and I plan to merge into for-next fairly soon)
- SMB3.1.1 secure negotiate and crypto negotiation finishup
3) more testing to make sure we didn't miss anything ...
On Tue, Jan 17, 2017 at 10:36 AM, Sachin Prabhu <sprabhu at redhat.com> wrote:
> The following advisory was released by US-CERT.
>
> https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-B
> est-Practices
>
> Sachin Prabhu
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> the body of a message to majordomo at vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Thanks,
Steve
More information about the samba-technical
mailing list