Troubleshooting
Problem
Tenable, Nessus, and other security audits may now return a “red flag” for IBM i NetServer stating it accepts SMBv1 protocol and that it should not:
https://www.tenable.com/plugins/index.php?view=single&id=96982
Also see: https://support.microsoft.com/en-us/kb/2696547
and : https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices
Also see: https://support.microsoft.com/en-us/kb/2696547
and : https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices
Resolving The Problem
The above security exposure poses no danger to the IBM i, however, network administrators may require SMBv1 protocol be disabled in order to protect Windows file servers. Disabling SMBv1 protocol will prevent those clients from being able to access IBM i NetServer systems at 7.1. It will also prevent the IBM i QNTC file system from connecting from IBM i 7.1 systems to Windows File Servers that do not support SMBv1.
IBM i 7.3 NetServer defaults to SMBv2 protocol.
IBM i 7.2 enabled SMBv2 support with NetServer PTFS: MF63692, MF63693, and MF63694 ...and QNTC PTF: SI64984
IBM i 7.2 enabled SMBv2 support with NetServer PTFS: MF63692, MF63693, and MF63694 ...and QNTC PTF: SI64984
For details, please see Document Title: NetServer/QNTC and SMB (Server Message Block) Version 2.0 and Version 3.0 http://www-01.ibm.com/support/docview.wss?uid=nas8N1011878
As the us-cert states: “The benefits of mitigation should be weighed against potential disruptions to users.”
There are no plans to port SMBv2 support back to IBM i 7.1.
There are no plans to port SMBv2 support back to IBM i 7.1.
A public Request For Enhancement (RFE) exists to further communicate customer and IBM i developer plans for this issue: http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=101946
Related Information
[{"Product":{"code":"SWG60","label":"IBM i"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"Not Applicable","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}]
Was this topic helpful?
Document Information
Modified date:
02 March 2021
UID
nas8N1021939