IBM Support

SMBv1 protocol security warning

Troubleshooting


Problem

Tenable, Nessus, and other security audits may now return a “red flag” for IBM i NetServer stating it accepts SMBv1 protocol and that it should not:

 

Resolving The Problem

The above security exposure poses no danger to the IBM i, however, network administrators may require SMBv1 protocol be disabled in order to protect Windows file servers. Disabling SMBv1 protocol will prevent those clients from being able to access IBM i NetServer systems at 7.1. It will also prevent the IBM i QNTC file system from connecting from IBM i 7.1 systems to Windows File Servers that do not support SMBv1.
IBM i 7.3 NetServer defaults to SMBv2 protocol.
IBM i 7.2 enabled SMBv2 support with NetServer PTFS: MF63692, MF63693, and MF63694 ...and QNTC PTF: SI64984
For details, please see Document Title: NetServer/QNTC and SMB (Server Message Block) Version 2.0 and Version 3.0 http://www-01.ibm.com/support/docview.wss?uid=nas8N1011878
As the us-cert states: “The benefits of mitigation should be weighed against potential disruptions to users.”
There are no plans to port SMBv2 support back to IBM i 7.1.
A public Request For Enhancement (RFE) exists to further communicate customer and IBM i developer plans for this issue: http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=101946

[{"Product":{"code":"SWG60","label":"IBM i"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":"Not Applicable","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]

Document Information

Modified date:
02 March 2021

UID

nas8N1021939