Microsoft‘s latest operating system, Windows 11, has a very important novelty related to file sharing on the local network via Samba (SMB). Important security improvements have now been incorporated, with the aim of preventing a cybercriminal from accessing shared files, something that could happen with different brute force attacks on a specific target. Do you want to know what this security measure that Windows 11 will incorporate soon consists of?
SMB protocol enhancements
The Microsoft security team has incorporated a very important security measure to greatly limit brute force or dictionary attacks on an SMB client . Now in Windows 11 Insider Preview we have a speed limiter on SMB authentication. Until now, a cybercriminal could try to authenticate to a computer via SMB without any limits, which could cause file sharing to be slow because the system is busy trying to authenticate him, and it was also a security risk because he could attack it by trying hundreds of users and passwords in a very short time. Now, with this improvement from Microsoft, we are not going to have these problems.
With the latest version of Windows 11 we will have a delay between each failed NTML authentication, i.e. if an attacker sends a total of 300 password attempts per second to a client for 5 minutes, they would have tried a total of 90,000 passwords. Now this same number of attempts would take 50 hours, which greatly slows down illegitimate authentication attempts .
Microsoft’s goal is for the Windows client to be an unappealing target when it’s in a workgroup, like the one we create and configure on a home network. This change also affects local accounts that are in a domain. Of course, this new policy is combined with the fact that the SMB service is not accessible by default, because we must configure it beforehand.
This change is available starting with OS build 25206 , and is enabled by default with a setting of 2 seconds between login attempts. Any user who attempts to enter an incorrect username and password will now have to wait 2 seconds for the next login . We should note that this is only available on Windows Insider, but the version we all have will also receive this improvement in the coming months. In case you use Windows Server, it will also be available soon.
A very important security recommendation is that you always disable the SMBv1 protocol and also SMBv2 , today it is highly recommended to always use SMBv3 because authentication is encrypted and authenticated, something that did not happen with previous versions, which could cause a capture of access credentials. If you have a NAS server and you share files via SMB, make sure that the minimum version is SMB3 and the maximum is also SMB3, in this way, you will be using the latest protocol that is the best in terms of security. The negative part is that some old clients might not connect, because it doesn’t support it.