Block SMB to your Workstations

When was the last time you had a business need to reach the C$ share on one of your workstations?  When was the last time you wanted a user workstation to reach the C$ share on another workstation?

If your answer was never or rarely, then you should block them.  It helps slow lateral movement of an attacker and if you were unpatched against MS17-010, but had this in place it would have prevented the spread of WannaCry.

This has been available since the introduction of the integrated firewall in Windows XP SP2.  It can be configured by Group Policy, so it’s easy to have it automatically applied to new machines as they are put into production.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s