Is SMB 1.0 more vulnerable at the client level or server level
-
@syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:
@Dashrender said in Is SMB 1.0 more vulnerable at the client level or server level:
@JaredBusch said in Is SMB 1.0 more vulnerable at the client level or server level:
@scottalanmiller said in Is SMB 1.0 more vulnerable at the client level or server level:
@syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:
What I would like to do is Windows 10 machine (1 nic connected to network, 1 nic connected via crossover cable) to the XP machine, moves the files off the XP and onto the server share where the files can then be uploaded to the EMR.
That's certainly a "better than nothing" setup. But if it were me, I'd not put myself at risk to protect the decision makers who took on this risk. That makes no sense. Why would you assume that risk for them? They clearly don't care, why do you?
Actually, no, it provides no security, because you enable SMB1 globally for Windows 10, not per NIC. This would cause that machine to then attempt other client connections with SMB1, as well as accept SMB for the admin shares or anything else it has.
AWWW - if that's true - I take back everything I said.. I did completely mean to mention this - can you disable SMB v1 for a given NIC in Windows 10... if you can't then you haven't mitigated the issue, and you can't do it.
What about firewall rules to specific IP addresses?
Like everything else... good for security, but doesn't address the core issue.
-
Which I'm positive that this doctors office is paying for secure document destruction right? Peoples pictures/scans getting printed off and then rescanned and saved to a EMR. . .
-
@DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:
Which I'm positive that this doctors office is paying for secure document destruction right? Peoples pictures/scans getting printed off and then rescanned and saved to a EMR. . .
If you are asking me then yes they have a service that destroys the images/documents.
-
@DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:
@Dashrender I don't think it makes the point as much as you think it does, because the data needs to be secured (which I'm sure somewhere in the specifics of the documentation) says "the data needs to be encrypted".
Which SSL is encrypted, but the files aren't encrypted when printed, likely they aren't encrypted when on the XP or Windows 10 system either.
There are certainly a means to doing this, but I think adding the network, just adds complexity.
No, it does not say it must/needs to be/etc encrypted. It says you are responsible for it, but how you handle that responsibility is up to you... with the bespoken difference for PHI traveling over untrusted (think internet) networks, in which case it does specifically say it must be encrypted.
The big thing a lot of scare companies love to throw around is the 'requirement' to encrypt all laptops. There is no such requirement - what there is, is a pass to anyone who looses a laptop where all PHI is encrypted.
These are the kinds of differences Scott loves to point out all the time.
-
@syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:
@DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:
Which I'm positive that this doctors office is paying for secure document destruction right? Peoples pictures/scans getting printed off and then rescanned and saved to a EMR. . .
If you are asking me then yes they have a service that destroys the images/documents.
huh - must be a pretty big office then... hardly seems worth a service to pickup your shredding. Our staff shreds their bins worth of PHI themselves.
-
@Dashrender said in Is SMB 1.0 more vulnerable at the client level or server level:
@syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:
@DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:
Which I'm positive that this doctors office is paying for secure document destruction right? Peoples pictures/scans getting printed off and then rescanned and saved to a EMR. . .
If you are asking me then yes they have a service that destroys the images/documents.
huh - must be a pretty big office then... hardly seems worth a service to pickup your shredding. Our staff shreds their bins worth of PHI themselves.
Iron mountain is pretty damn cheap and it takes the liability off of the practitioner.
-
@DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:
@Dashrender said in Is SMB 1.0 more vulnerable at the client level or server level:
@syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:
@DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:
Which I'm positive that this doctors office is paying for secure document destruction right? Peoples pictures/scans getting printed off and then rescanned and saved to a EMR. . .
If you are asking me then yes they have a service that destroys the images/documents.
huh - must be a pretty big office then... hardly seems worth a service to pickup your shredding. Our staff shreds their bins worth of PHI themselves.
Iron mountain is pretty damn cheap and it takes the liability off of the practitioner.
Not really, but it does allow the practitioner to assign those resources that were shredding before to hopefully do something of greater value.
-
@DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:
@Dashrender said in Is SMB 1.0 more vulnerable at the client level or server level:
@syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:
@DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:
Which I'm positive that this doctors office is paying for secure document destruction right? Peoples pictures/scans getting printed off and then rescanned and saved to a EMR. . .
If you are asking me then yes they have a service that destroys the images/documents.
huh - must be a pretty big office then... hardly seems worth a service to pickup your shredding. Our staff shreds their bins worth of PHI themselves.
Iron mountain is pretty damn cheap and it takes the liability off of the practitioner.
They do use IronMountain. I don't know the cost off the top of my head but it's not that much.
-
@syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:
@DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:
@Dashrender said in Is SMB 1.0 more vulnerable at the client level or server level:
@syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:
@DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:
Which I'm positive that this doctors office is paying for secure document destruction right? Peoples pictures/scans getting printed off and then rescanned and saved to a EMR. . .
If you are asking me then yes they have a service that destroys the images/documents.
huh - must be a pretty big office then... hardly seems worth a service to pickup your shredding. Our staff shreds their bins worth of PHI themselves.
Iron mountain is pretty damn cheap and it takes the liability off of the practitioner.
They do use IronMountain. I don't know the cost off the top of my head but it's not that much.
Two lucky guesses in a single topic, I'm on a roll!
-
@syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:
@DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:
@syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:
@DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:
Why in God's green earth would you deploy XP today? Or would you continue to operate Windows XP?
The system it runs has an $80,000 camera on it
Also this seems insane that the customer has an $80,000 camera, but can't or won't purchase an updated system to run it.
Medical equipment. That was the price of the current camera. The newer ones are even more ridiculous.
Windows XP and PHI.... What could go wrong?
-
@Dashrender said in Is SMB 1.0 more vulnerable at the client level or server level:
@syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:
@DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:
Which I'm positive that this doctors office is paying for secure document destruction right? Peoples pictures/scans getting printed off and then rescanned and saved to a EMR. . .
If you are asking me then yes they have a service that destroys the images/documents.
huh - must be a pretty big office then... hardly seems worth a service to pickup your shredding. Our staff shreds their bins worth of PHI themselves.
So do people who use most of those services. What the services do is not necessarily offsite shredding, although that does exist for sure, but offsite disposal so that people can't dumpster dive you to reassemble your shredded documents.
-
@scottalanmiller said in Is SMB 1.0 more vulnerable at the client level or server level:
@Dashrender said in Is SMB 1.0 more vulnerable at the client level or server level:
@syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:
@DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:
Which I'm positive that this doctors office is paying for secure document destruction right? Peoples pictures/scans getting printed off and then rescanned and saved to a EMR. . .
If you are asking me then yes they have a service that destroys the images/documents.
huh - must be a pretty big office then... hardly seems worth a service to pickup your shredding. Our staff shreds their bins worth of PHI themselves.
So do people who use most of those services. What the services do is not necessarily offsite shredding, although that does exist for sure, but offsite disposal so that people can't dumpster dive you to reassemble your shredded documents.
Yeah, I suppose if you need to be that secure - that's the way to go.
-
@Dashrender said in Is SMB 1.0 more vulnerable at the client level or server level:
@scottalanmiller said in Is SMB 1.0 more vulnerable at the client level or server level:
@Dashrender said in Is SMB 1.0 more vulnerable at the client level or server level:
@syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:
@DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:
Which I'm positive that this doctors office is paying for secure document destruction right? Peoples pictures/scans getting printed off and then rescanned and saved to a EMR. . .
If you are asking me then yes they have a service that destroys the images/documents.
huh - must be a pretty big office then... hardly seems worth a service to pickup your shredding. Our staff shreds their bins worth of PHI themselves.
So do people who use most of those services. What the services do is not necessarily offsite shredding, although that does exist for sure, but offsite disposal so that people can't dumpster dive you to reassemble your shredded documents.
Yeah, I suppose if you need to be that secure - that's the way to go.
Right, just shredding is for HIPAA. Offsite combination with millions of other shredded documents is for security.
-
If you use one of these, you don't need to lock your car door anymore!
Maybe not even need doors!
-
@Obsolesce said in Is SMB 1.0 more vulnerable at the client level or server level:
If you use one of these, you don't need to lock your car door anymore!
Until someone just steals your wallet sitting on the seat.
-
@scottalanmiller said in Is SMB 1.0 more vulnerable at the client level or server level:
@Obsolesce said in Is SMB 1.0 more vulnerable at the client level or server level:
If you use one of these, you don't need to lock your car door anymore!
Until someone just steals your wallet sitting on the seat.
Lol exactly.
-
@syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:
On Windows 10 you can enable SMB1.0 Server or Client. Does enabling just the client side make the Windows 10 system vulnerable? What I am trying to figure out is if I have a special machine running XP and need to pull data from a share on it, can I enable SMB 1.0 client on a Windows 10 machine, connect a crossover cable and have the 10 machine pull data from the XP share safely? The 10 machine would then move the copied data onto the primary server running Windows Server 2016.
If this is a horrible idea are there any suggestions to make this a secure setup other than replacing the XP machine.
Thanks
Both. We've seen Emotet gobble up an entire network where nothing has been done to patch for EternalBlue which is the exploit in SMBv1.
We remove it _everywhere we manage a network on all endpoints. Period. Full Stop.