Disabling SMB v2/v3 on a server protected by Neverfail Continuity Engine

Disabling SMB v2/v3 on a server protected by Neverfail Continuity Engine

Summary

This knowledgebase article provides information regarding what means SMB v2/v3 disablement, and how this should be done on a system protected by Neverfail Continuity Engine. 

Description

What is Windows Server hardening?

System hardening is the practice of minimizing the attack surface of a computer system or server. The goal is to reduce the amount of security weaknesses and vulnerabilities that threat actors can exploit. 

Is it safe to disable SMB v2/v3 in Windows Server?

In some situations, one may desire to disable SMB v2/v3 protocols in order to harden their systems. The immediate question is: Is this safe?
As per Microsoft, "...we recommend that you do not disable SMBv2 or SMBv3. Disable SMBv2 or SMBv3 only as a temporary troubleshooting measure. Do not leave SMBv2 or SMBv3 disabled."
However, if you do wish to proceed with SMB v2/v3 disablement, we highly advise a full review of the following link to understand exactly what you are disabling: Overview of file sharing using the SMB 3 protocol in Windows Server.

Is Continuity Engine impacted by SMB v2/v3 disablement?

SMB v2 feature is a must requirement when installing, upgrading or uninstalling Continuity Engine using the Engine Management Service. But, once deployment or upgrading is completed, Engine doesn't need anymore SMB v2/v3 for its HA/DR operations. So, if there is a strong desire in disabling SMB v2/v3 for hardening your server, then Neverfail recommendation is to disable SMB v2/v3 only after the Engine deployment and configuration is completed. Subsequently, one must enable SMB v2/v3 for allowing Engine upgrade. Then it can be safely disabled again. 

How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows

Just follow all the Microsoft official recommendations and indications from How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows.

Applies to

Continuity Engine 9.x (and later)

    • Related Articles

    • Check Continuity Engine Server Status

      This article describes how to check server status by reviewing several indicators, including the system tray icon, the Server Details page and Applications page in EMS, and Windows services. Check Server Status Learning objectives At the end of the ...
    • How To Clone A Primary Server Deployed As Hyper-V Machine For Building A Secondary Server Without Neverfail EMS Web Console

      Summary This Knowledgebase article provides the step-by-step procedure necessary to replace a server when the server is a Hyper-V Virtual Machine. More Information Initial Assumptions: The Primary/Active server is healthy and will be used as source ...
    • Neverfail IT Continuity Engine v8.0 - Release Notes

      Summary This Knowledge base article provides information about this specific release of Neverfail IT Continuity Engine v8.0 More Information Supporting Documentation A listing of technical documents supporting this version of Neverfail IT Continuity ...
    • Continuity Engine Product Architecture

      Learning objectives At the completion of this session, you should be able to: Identify major components of the Neverfail Continuity Engine product architecture. Describe major component configuration. Identify advantages of the Neverfail Continuity ...
    • Neverfail IT Continuity Engine v7.1.2 - Release Notes

      Summary This Knowledgebase article provides information about this specific release of Neverfail IT Continuity Engine v7.1.2 Overview This release of Neverfail IT Continuity Engine is a patch release that applies to Neverfail IT Continuity Engine ...