Unsolved
1 Rookie
•
1 Message
2
156
Unity Nas and SMB server signing
our security team have flagged up our UNITY NAS and having a vulnerability where "SMB Signing not required"
have had a look at the link below and it states ( see below)
am i looking at this right , it is already enabled on Unity 450f and used if client requires it.
Does anyone know if it can be enforced on the actual unity like it can be on DD or does it have to be done via group policy for the clients .
i have also ready that it can have a massive performance overhead as well. Has anyone else changed these settings and seen performance issues
Using SMB signing
SMB signing ensures that a packet has not been intercepted, changed, or replayed. The signing guarantees that a third party has not changed the packet. Signing adds a signature to every packet. The client and Unity NAS servers use this signature to verify the integrity of the packet. The Unity NAS servers support SMB1, SMB2, and SMB3.
For SMB signing to work, the client and the server in a transaction must have SMB signing enabled. SMB signing is always enabled on the Unity NAS servers, but is not required. As a result, if SMB signing is enabled on the client, signing is used, and if SMB signing is disabled on the client, no signing is used. Signing can be enforced by Active Directory domain policy
Dell EMC Unity™ Family Configuring Hosts to Access SMB File Systems | Dell UK
DELL-Josh Cr
Moderator
Moderator
•
8.6K Posts
0
February 14th, 2024 21:36
Hi,
Thanks for your question.
It should be enabled by default on Unity, so it has to be enabled on the clients. Maybe test it and see how performance is.
Let us know if you have any additional questions.
fcana
1 Rookie
1 Rookie
•
3 Posts
1
April 22nd, 2024 00:14
Following-up with this question, the article states that "SMB signing is always enabled on the Unity NAS servers, but is not required", how do we go ago about configuring the Unity NAS servers to require SMB signing, what steps should be taken?
DELL-Sam L
Moderator
Moderator
•
7K Posts
0
April 22nd, 2024 16:10
Hello fcana,
Here is a link to the Unity family security configuration guide, and if look on page 38 it explains how to configure SMB signing. https://dell.to/3U66fn7
azureM
1 Rookie
1 Rookie
•
1 Message
0
May 23rd, 2024 06:17
Hello everyone,
I took a look at the Dell Unity™ Family Service Commands Technical Notes (page 115) and currently, there is no option yet available to require SMB signing for the NAS servers on Unity side. SMB signing is enabled by default but there is no option to make it mandatory for every connection. Some security scanners may prompt you to enforce particular GPO policies to require SMB signing, but in our case this was not possible since GPO policies are only applicable for Windows machines and the Unity NAS servers are not running on Windows.
Hope this was helpful for someone.