Start a Conversation

Unsolved

D

1 Rookie

 • 

1 Message

49

February 14th, 2024 15:31

Unity Nas and SMB server signing

our security team have flagged up our UNITY NAS and having a vulnerability  where "SMB Signing not required"

have had a look at the link below and it states ( see below)

am i looking at this right , it is already enabled on Unity 450f and used if client requires it. 

Does anyone know if it can be enforced on the actual unity like it can be on DD  or does it have to be done via group policy for the clients .

i have also ready that it can have a massive performance overhead  as well. Has anyone else changed these settings and seen performance issues

Using SMB signing

SMB signing ensures that a packet has not been intercepted, changed, or replayed. The signing guarantees that a third party has not changed the packet. Signing adds a signature to every packet. The client and Unity NAS servers use this signature to verify the integrity of the packet. The Unity NAS servers support SMB1, SMB2, and SMB3.

For SMB signing to work, the client and the server in a transaction must have SMB signing enabled. SMB signing is always enabled on the Unity NAS servers, but is not required. As a result, if SMB signing is enabled on the client, signing is used, and if SMB signing is disabled on the client, no signing is used. Signing can be enforced by Active Directory domain policy

Dell EMC Unity™ Family Configuring Hosts to Access SMB File Systems | Dell UK

Moderator

 • 

8.5K Posts

February 14th, 2024 21:36

Hi,

Thanks for your question.

It should be enabled by default on Unity, so it has to be enabled on the clients. Maybe test it and see how performance is.

 

Let us know if you have any additional questions.

No Events found!

Top