Skip to main content
Start a Conversation

Unsolved

D

DMON66

1 Rookie

 • 

1 Message

156

February 14th, 2024 15:31

Unity Nas and SMB server signing

our security team have flagged up our UNITY NAS and having a vulnerability  where "SMB Signing not required"

have had a look at the link below and it states ( see below)

am i looking at this right , it is already enabled on Unity 450f and used if client requires it. 

Does anyone know if it can be enforced on the actual unity like it can be on DD  or does it have to be done via group policy for the clients .

i have also ready that it can have a massive performance overhead  as well. Has anyone else changed these settings and seen performance issues

Using SMB signing

SMB signing ensures that a packet has not been intercepted, changed, or replayed. The signing guarantees that a third party has not changed the packet. Signing adds a signature to every packet. The client and Unity NAS servers use this signature to verify the integrity of the packet. The Unity NAS servers support SMB1, SMB2, and SMB3.

For SMB signing to work, the client and the server in a transaction must have SMB signing enabled. SMB signing is always enabled on the Unity NAS servers, but is not required. As a result, if SMB signing is enabled on the client, signing is used, and if SMB signing is disabled on the client, no signing is used. Signing can be enforced by Active Directory domain policy

Dell EMC Unity™ Family Configuring Hosts to Access SMB File Systems | Dell UK

1 person also has this problem

DELL-Josh Cr

Moderator

 • 

8.6K Posts

February 14th, 2024 21:36

Hi,

Thanks for your question.

It should be enabled by default on Unity, so it has to be enabled on the clients. Maybe test it and see how performance is.

 

Let us know if you have any additional questions.

fcana

1 Rookie

 • 

3 Posts

April 22nd, 2024 00:14

Following-up with this question, the article states that "SMB signing is always enabled on the Unity NAS servers, but is not required", how do we go ago about configuring the Unity NAS servers to require SMB signing, what steps should be taken?

DELL-Sam L

Moderator

 • 

7K Posts

April 22nd, 2024 16:10

Hello fcana,

Here is a link to the Unity family security configuration guide, and if look on page 38 it explains how to configure SMB signing. https://dell.to/3U66fn7

azureM

1 Rookie

 • 

1 Message

May 23rd, 2024 06:17

Hello everyone,

I took a look at the Dell Unity™ Family Service Commands Technical Notes (page 115) and currently, there is no option yet available to require SMB signing for the NAS servers on Unity side. SMB signing is enabled by default but there is no option to make it mandatory for every connection. Some security scanners may prompt you to enforce particular GPO policies to require SMB signing, but in our case this was not possible since GPO policies are only applicable for Windows machines and the Unity NAS servers are not running on Windows.


Hope this was helpful for someone.

View More

View All

No Events found!

Top