Sophos Web Appliance SMBv1 Dependency.

Hi,

I would like to ask:

Would there be any development in Sophos Web Appliance that supports SMBv2 or above?

A friend of mine disabled SMBv1 (in response to the Wanna Ransomware), which makes the Active Directory integration no longer work.

They are also aware of this KB.

https://community.sophos.com/kb/en-us/126757

 

Thanks,

tech

  • We are in the process of upgrading the SMB/AD integration components on the Web Appliance and will be publishing an update to the product as soon as that work is complete and fully tested. This will allow the SWA to connect to AD services that have disabled SMBv1.

    We hope to do this before the end of July.

  • This SMBv1 dependency is puzzling me.

    We have disabled SMBv1 at the very moment SMBv2 appeared (hear me cough) more than 10 years ago ... It was not because of WannaCry. It was because everyone knew already then SMBv1 was a security nonsense. Heck, we knew this was as such well before 2000 ... And if we compound SMBv2 was due, very late, and already outdated when it was released ...

    Sophos knows SMB v3 (knowing 3.0 is actually 2.2) is at its fourth iteration?

    Jesus help us!!!

    Paul Jr Robitaille

  • In reply to RichBaldry:

    Ok ...

    No Sophos fix on the horizon.

    Would it be possible to at least publish a guide to harden networks (assuming a hypothetical basic and simple network) as much as possible in such a regrettable situation?

    What needs to have SMBv1 re-enabled?
         Domain controllers?
         File servers?
         Database servers?
         Desktops?
         Anything that accesses Sophos Firewall?
         Anything that accesses Sophos WEB gateway proxies?
         Exchange servers with or without Pure Message?

    What Windows Firewall rules can we push (via GPO or not) to have such nonsense limited as much as possible?
         Inbound rules?
              On which machine?
                   DCs, desktops, anything else?
         Outbound rules?
              On which machine?
                   DCs, desktops, anything else?

    A starting point here. Scroll down to the third post, from Mr. Andy Pan.
    https://social.technet.microsoft.com/Forums/en-US/6cdee681-7f92-4562-be36-539f458fda58/firewall-rules-to-allow-smb1-to-specific-ip-addresses?forum=winserverNIS