ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Is SMB 1.0 more vulnerable at the client level or server level

    IT Discussion
    11
    122
    5.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @syko24
      last edited by

      @syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:

      @scottalanmiller said in Is SMB 1.0 more vulnerable at the client level or server level:

      @syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:

      What I am trying to figure out is if I have a special machine running XP and need to pull data from a share on it, can I enable SMB 1.0 client on a Windows 10 machine, connect a crossover cable and have the 10 machine pull data from the XP share safely?

      If you are only on a Crossover cable, you can do anything safely as your network is not exposed.

      The Windows 10 machine has dual nics. One connected to the network and the other via crossover to the XP.

      Then there are risks, but SMB 1 isn't it, since anything that compromised the system would compromised SMB 3 just as quickly in that scenario.

      1 Reply Last reply Reply Quote 0
      • DustinB3403D
        DustinB3403 @syko24
        last edited by

        @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

        @syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:

        If this is a horrible idea are there any suggestions to make this a secure setup other than replacing the XP machine.

        Literally any modern linux desktop or server.

        Why would linux make a difference in this situation? Wouldn't SMB1.0 be the same no matter the client?

        No, because at least a Linux workstation would be up to date if it was hosting the SMB 1.0 share. Using XP as a server is also against the ToS and EULA, and is so out of date that even considering leaving it around is a major issue.

        syko24S 1 Reply Last reply Reply Quote 0
        • Emad RE
          Emad R @syko24
          last edited by Emad R

          @syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:

          @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

          Why in God's green earth would you deploy XP today? Or would you continue to operate Windows XP?

          The system it runs has an $80,000 camera on it

          Interested to know the model of the camera, but i think what you might want to do is Windows 2008 R2 with latest patches, i cant think of scenario that Windows 7/2008R2 wont run an XP program.

          And the above has good security updates till 2018 and i think 2008 R2 is still supported ? right ?

          But yeah ditch the XP man, it seems you got used to having it around.

          scottalanmillerS 1 Reply Last reply Reply Quote 0
          • DustinB3403D
            DustinB3403
            last edited by

            An $80,000 camera would likely be a laser scanner for sheet metal accuracy.

            I used to have one of these units that I had to maintain, but it didn't have internet access, the output was directly written to an external USB and the reports were pull from that and saved to the network.

            1 Reply Last reply Reply Quote 0
            • DustinB3403D
              DustinB3403 @syko24
              last edited by

              @syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:

              @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

              Why in God's green earth would you deploy XP today? Or would you continue to operate Windows XP?

              The system it runs has an $80,000 camera on it

              Also this seems insane that the customer has an $80,000 camera, but can't or won't purchase an updated system to run it.

              coliverC syko24S Emad RE 3 Replies Last reply Reply Quote 1
              • syko24S
                syko24 @DustinB3403
                last edited by

                @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

                @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

                @syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:

                If this is a horrible idea are there any suggestions to make this a secure setup other than replacing the XP machine.

                Literally any modern linux desktop or server.

                Why would linux make a difference in this situation? Wouldn't SMB1.0 be the same no matter the client?

                No, because at least a Linux workstation would be up to date if it was hosting the SMB 1.0 share. Using XP as a server is also against the ToS and EULA, and is so out of date that even considering leaving it around is a major issue.

                The camera defaults it's images to a folder on the local drive. That folder is shared. You cannot change the default location.

                DustinB3403D 1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @Emad R
                  last edited by

                  @Emad-R said in Is SMB 1.0 more vulnerable at the client level or server level:

                  Interested to know the model of the camera, but i think what you might want to do is Windows 2008 R2 with latest patches, i cant think of scenario that Windows 7/2008R2 wont run an XP program.

                  Sadly, there are many.

                  1 Reply Last reply Reply Quote 0
                  • coliverC
                    coliver @DustinB3403
                    last edited by

                    @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

                    @syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:

                    @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

                    Why in God's green earth would you deploy XP today? Or would you continue to operate Windows XP?

                    The system it runs has an $80,000 camera on it

                    Also this seems insane that the customer has an $80,000 camera, but can't or won't purchase an updated system to run it.

                    This sounds like scientific/educational equipment. Most likely that vendor either doesn't exist anymore or the system update is to just buy another 80,000$ camera.

                    1 Reply Last reply Reply Quote 1
                    • syko24S
                      syko24 @DustinB3403
                      last edited by

                      @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

                      @syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:

                      @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

                      Why in God's green earth would you deploy XP today? Or would you continue to operate Windows XP?

                      The system it runs has an $80,000 camera on it

                      Also this seems insane that the customer has an $80,000 camera, but can't or won't purchase an updated system to run it.

                      Medical equipment. That was the price of the current camera. The newer ones are even more ridiculous.

                      DustinB3403D scottalanmillerS IRJI 3 Replies Last reply Reply Quote 0
                      • DustinB3403D
                        DustinB3403 @syko24
                        last edited by

                        @syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:

                        @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

                        @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

                        @syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:

                        If this is a horrible idea are there any suggestions to make this a secure setup other than replacing the XP machine.

                        Literally any modern linux desktop or server.

                        Why would linux make a difference in this situation? Wouldn't SMB1.0 be the same no matter the client?

                        No, because at least a Linux workstation would be up to date if it was hosting the SMB 1.0 share. Using XP as a server is also against the ToS and EULA, and is so out of date that even considering leaving it around is a major issue.

                        The camera defaults it's images to a folder on the local drive. That folder is shared. You cannot change the default location.

                        Sure you can

                        1 Reply Last reply Reply Quote 0
                        • Emad RE
                          Emad R @DustinB3403
                          last edited by

                          @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

                          @syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:

                          @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

                          Why in God's green earth would you deploy XP today? Or would you continue to operate Windows XP?

                          The system it runs has an $80,000 camera on it

                          Also this seems insane that the customer has an $80,000 camera, but can't or won't purchase an updated system to run it.

                          Sadly, there are many. hehe x2

                          I had to deal with clients that paid 100K for unnecessary server room safety and ridiculous hardware that we dont need, and when I told them to get support subscription-like from canonical they were like nah your smart we dont need that.

                          DustinB3403D 1 Reply Last reply Reply Quote 1
                          • DustinB3403D
                            DustinB3403 @Emad R
                            last edited by DustinB3403

                            @Emad-R said in Is SMB 1.0 more vulnerable at the client level or server level:

                            when I told them to get support subscription-like from canonical they were like nah your smart we dont need that.

                            I've left jobs who've said that to me. "Oh you're too cheap to get proper support, well I guess you're F'd now - peace!"

                            1 Reply Last reply Reply Quote 1
                            • syko24S
                              syko24
                              last edited by

                              @coliver said in Is SMB 1.0 more vulnerable at the client level or server level:

                              This sounds like scientific/educational equipment. Most likely that vendor either doesn't exist anymore or the system update is to just buy another 80,000$ camera.

                              Current process is that they print all images and then scan them in. I was just looking to save some steps but not cause a security issue for them.

                              1 Reply Last reply Reply Quote 0
                              • DustinB3403D
                                DustinB3403 @syko24
                                last edited by

                                @syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:

                                @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

                                @syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:

                                @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

                                Why in God's green earth would you deploy XP today? Or would you continue to operate Windows XP?

                                The system it runs has an $80,000 camera on it

                                Also this seems insane that the customer has an $80,000 camera, but can't or won't purchase an updated system to run it.

                                Medical equipment. That was the price of the current camera. The newer ones are even more ridiculous.

                                Okay, so how much is the added insurance of using an ancient OS to run this? What's the potential lawsuit when this system is compromised?

                                syko24S 1 Reply Last reply Reply Quote 0
                                • syko24S
                                  syko24 @DustinB3403
                                  last edited by syko24

                                  @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

                                  @syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:

                                  @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

                                  @syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:

                                  @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

                                  Why in God's green earth would you deploy XP today? Or would you continue to operate Windows XP?

                                  The system it runs has an $80,000 camera on it

                                  Also this seems insane that the customer has an $80,000 camera, but can't or won't purchase an updated system to run it.

                                  Medical equipment. That was the price of the current camera. The newer ones are even more ridiculous.

                                  Okay, so how much is the added insurance of using an ancient OS to run this? What's the potential lawsuit when this system is compromised?

                                  Again that's why I am asking the question. Does this process allow for a compromise? I mean if someone can get all the way to the camera system through the Windows 10 machine, isn't the Windows 10 machine already compromised?

                                  scottalanmillerS 1 Reply Last reply Reply Quote 1
                                  • DustinB3403D
                                    DustinB3403
                                    last edited by

                                    The vulnerability comes from maintaining a 12 year old OS on your network in any way shape and form. If it's hosting a share (so another system can grab the files from it) there is added risk.

                                    syko24S scottalanmillerS 2 Replies Last reply Reply Quote 0
                                    • syko24S
                                      syko24 @DustinB3403
                                      last edited by

                                      @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

                                      The vulnerability comes from maintaining a 12 year old OS on your network in any way shape and form. If it's hosting a share (so another system can grab the files from it) there is added risk.

                                      Understood. If there is an option that allows the client to keep using their working equipment I would like to present it to them. I know the easy answer is to tell someone cough up another $80,000 for something. If it was as simple as buy a new $1,000 computer I would recommend it. The price tag for some equipment is just gouging though. I know it is a reality of running a business.

                                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                                      • DustinB3403D
                                        DustinB3403
                                        last edited by

                                        So @syko24 the goal is to allow the customer to remotely access a file share from an XP machine over the network (presumably because it's easier than having a KVM attached to this XP machine).

                                        Correct?

                                        syko24S scottalanmillerS 2 Replies Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @syko24
                                          last edited by

                                          @syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:

                                          @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

                                          @syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:

                                          @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

                                          Why in God's green earth would you deploy XP today? Or would you continue to operate Windows XP?

                                          The system it runs has an $80,000 camera on it

                                          Also this seems insane that the customer has an $80,000 camera, but can't or won't purchase an updated system to run it.

                                          Medical equipment. That was the price of the current camera. The newer ones are even more ridiculous.

                                          They paid that much and didn't work out a support agreement? How do people do their purchasing so poorly?

                                          DustinB3403D DashrenderD 2 Replies Last reply Reply Quote 1
                                          • scottalanmillerS
                                            scottalanmiller @syko24
                                            last edited by

                                            @syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:

                                            @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

                                            @syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:

                                            @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

                                            @syko24 said in Is SMB 1.0 more vulnerable at the client level or server level:

                                            @DustinB3403 said in Is SMB 1.0 more vulnerable at the client level or server level:

                                            Why in God's green earth would you deploy XP today? Or would you continue to operate Windows XP?

                                            The system it runs has an $80,000 camera on it

                                            Also this seems insane that the customer has an $80,000 camera, but can't or won't purchase an updated system to run it.

                                            Medical equipment. That was the price of the current camera. The newer ones are even more ridiculous.

                                            Okay, so how much is the added insurance of using an ancient OS to run this? What's the potential lawsuit when this system is compromised?

                                            Again that's why I am asking the question. Does this process allow for a compromise? I mean if someone can get all the way to the camera system through the Windows 10 machine, isn't the Windows 10 machine already compromised?

                                            Yes, if you connect an XP machine to anything you risk being compromised AND it is a HIPAA violation. So if that is taking images of patients, you have legal issues with that camera setup.

                                            1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 7
                                            • 2 / 7
                                            • First post
                                              Last post