Unity Nas and SMB server signing

Question

our security team have flagged up our UNITY NAS and having a vulnerability  where 'SMB Signing not required' have had a look at the link below and it states ( see below) am i looking at this right , it is already enabled on Unity 450f and used if client requires it.  Does anyone know if it can be enforced on the actual unity like it can be on DD  or does it have to be done via group policy for the clients . i have also ready that it can have a massive performance overhead  as well. Has anyone else changed these settings and seen performance issues Using SMB signing SMB signing ensures that a packet has not been intercepted, changed, or replayed. The signing guarantees that a third party has not changed the packet. Signing adds a signature to every packet. The client and Unity NAS servers use this signature to verify the integrity of the packet. The Unity NAS servers support SMB1, SMB2, and SMB3. For SMB signing to work, the client and the server in a transaction must have SMB signing enabled. SMB signing is always enabled on the Unity NAS servers, but is not required. As a result, if SMB signing is enabled on the client, signing is used, and if SMB signing is disabled on the client, no signing is used. Signing can be enforced by Active Directory domain policy Dell EMC Unity™ Family Configuring Hosts to Access SMB File Systems | Dell UK

DELL-Josh Cr · Answer

Hi,

Thanks for your question.

It should be enabled by default on Unity, so it has to be enabled on the clients. Maybe test it and see how performance is.

Let us know if you have any additional questions.

fcana · Answer

Following-up with this question, the article states that 'SMB signing is always enabled on the Unity NAS servers, but is not required', how do we go ago about configuring the Unity NAS servers to require SMB signing, what steps should be taken?

DELL-Sam L · Answer

Hello fcana, Here is a link to the Unity family security configuration guide, and if look on page 38 it explains how to configure SMB signing. https://dell.to/3U66fn7

azureM · Answer

Hello everyone,I took a look at the Dell Unity™ Family Service Commands Technical Notes (page 115) and currently, there is no option yet available to require SMB signing for the NAS servers on Unity side. SMB signing is enabled by default but there is no option to make it mandatory for every connection. Some security scanners may prompt you to enforce particular GPO policies to require SMB signing, but in our case this was not possible since GPO policies are only applicable for Windows machines and the Unity NAS servers are not running on Windows. Hope this was helpful for someone.

Unity

Was this post helpful?