SMB Relay Attacks and How to Prevent the Attack from Occurring:

Last week it was revealed that there is a known flaw in Windows that can allow domain credentials to be compromised. Using the aptly named SMB relay, it is possible to leak your credentials when performing normal operations including visiting a web site, using Outlook to read your email or using Windows Media Player. The attack is carried out by the attacker positioning himself between a Windows computer and a server and intercepting the traffic between the two and relaying the traffic back.

Those credentials can then be used by the attacker to authenticate as the user on any Windows servers where the user has an account, including those hosted in the cloud.

Fortunately, there is very easy fix to this problem… Prevent SMB traffic from leaving your Local Area Network through the use of firewalls. That’s all it takes, proper configuration on your firewall to prevent SMB traffic outbound.

Contact The Atteberry Group today for a security evaluation. Let us manage your security so that you can focus on your business.

Written by

With over 20 years of IT experience ranging from internal IT for mid-sized firms, to 10 years of consulting for large accounting and consulting firms, I have worked in hundreds of environments. What I realized is that I enjoy supporting small and mid-sized firms who can’t afford full time IT support at the level they really need. At The Atteberry Group, we will put our experience to work for you at a price that your organization can afford. There are many ways to do IT, but we have seen that the best way makes your business more efficient and does not increase your costs. Give us a call at 213.393.5060 and let us help make IT an asset and not a liability for your company.

Leave a Reply

Your email address will not be published. Required fields are marked *