Stop using the insecure SMBv1/SMB1 protocol

The recent WannaCry ransomware outbreak spread because of a vulnerability in one of the internet’s most ancient networking protocols, Server Message Block version 1 (aka SMBv1 / SMB 1).

Barry Feigenbaum originally designed SMB at IBM. Microsoft has made considerable modifications to the most commonly used version. Microsoft merged the SMB protocol with the LAN Manager product.

The original SMB1 protocol is nearly 30 years old, and like much of the software made in the 80’s, it was designed for the world that no longer exists. The world without malicious actors, without vast sets of important data, without near-universal computer usage. Frankly, its naivete is staggering when viewed through modern eyes.

The Server Message Block, or SMB, protocol is a file sharing protocol that allows operating systems and applications to read and write data to a system. It also allows a system to request services from a server.

This is the protocol mainly used for providing shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network.

In computer networkingServer Message Block (SMB), one version of which was also known as Common Internet File System (CIFS) operates as an application-layer network protocol.

There have been numerous vulnerabilities tied to the use of Windows SMB v1, including remote code execution and denial-of-service exploits. These two vulnerabilities can leave a system crippled, or allow attackers to compromise a system using this vulnerable protocol.

Protocol Version Windows OS
SMB 1 Windows 2000, Windows 2003, Windows XP
SMB 2 Windows Server 2008 and Windows Vista SP1
SMB 2.1 Windows Server 2008 R2 and Windows 7
SMB 3.0 Windows Server 2012 and Windows 8
SMB 3.0.2 Windows Server 2012 R2 and Windows 8.1
SMB 3.1.1 Windows Server 2016 and Windows 10

SMB 1 protocol permits man-in-the-middle exploits and it “isn’t safe” to use. An attacker can use SMB 2 to pull information from the insecure SMB 1 protocol if it exists in a network.

The nasty bit is that no matter how you secure all these things if 
your clients use SMB1, then a man-in-the-middle can tell your client
to ignore all the above. All they need to do is block SMB2+ on 
themselves and answer to your server's name or IP.Your client will 
happily derp away on SMB1 and share all its darkest secrets unless
you required encryption on that share to prevent SMB1 in the first 
place. This is not theoretical-- we've seen it.

                 ~ Ned Pyle, a Principal Program Manager, Microsoft


How to remove SMB V1 /SMB 1 in Windows OS?

Windows 8.1 and Windows 10:

Method-1: Open Control Panel (just start typing Control in the search box to find its shortcut quickly). Click Programs, and then click Turn Windows features on or off (under the Programs heading). Or

Start –> Run –> Type appwiz.cpl –> press enter –> Click Turn Windows features on or off

Clear the check box for SMB 1.0/CIFS File Sharing Support, as shown here. That’s it; you’re protected.


Method-2:  open a Windows PowerShell prompt with administrative privileges. In the Windows 10 Creators Update, version 1703, right-click the Start button and choose Windows PowerShell (Admin) from the Quick Link menu.) If you’re running an earlier Windows 10 version, enter Windows PowerShell in the search box, then right-click the Windows PowerShell shortcut and click Run as administrator. From that elevated PowerShell prompt, type the following command:

Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol

Press Enter and you’re done.

Note You must restart the computer after you make these changes.

Windows 2012 R2, and Windows Server 2016:

Method-1: Launch Server Manager from Command Line.

Press the Windows key + R to open the Run box, or open the Command Prompt. Type ServerManager and press Enter.


Or Launch Server Manager from Taskbar

Task bar

On Server, the Server Manager approach:


Method-2: On Server, the PowerShell approach (Remove-WindowsFeature FS-SMB1):

Remove-WindowsFeature Name FS-SMB1


On legacy operating systems:

When using operating systems older than Windows 8.1 and Windows Server 2012 R2, you can’t remove SMB1 – but you can disable it.

Windows 8 and Windows Server 2012:

Windows 8 and Windows Server 2012 introduce the new Set-SMBServerConfiguration Windows PowerShell cmdlet. The cmdlet enables you to enable or disable the SMBv1, SMBv2, and SMBv3 protocols on the server component. (A cmdlet is a lightweight command that is used in the Windows PowerShell environment.)

  • To disable SMBv1 on the SMB server, run the following cmdlet:

Set-SmbServerConfiguration -EnableSMB1Protocol $false

  •  To enable SMBv1 on the SMB server, run the following cmdlet:

Set-SmbServerConfiguration -EnableSMB1Protocol $true

 Windows Server 2008 R2 and Windows Server 2008:

To enable or disable SMB protocols on an SMB Server that is running Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008, use Windows PowerShell or Registry Editor.

Windows PowerShell 2.0 or a later version of PowerShell

  • To disable SMBv1 on the SMB server, run the following cmdlet:

Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters” SMB1 -Type DWORD -Value 0 -Force

  • To enable SMBv1 on the SMB server, run the following cmdlet:

Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters” SMB1 -Type DWORD -Value 1 -Force

 Note You must restart the computer after you make these changes.

Registry Editor:


This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to backup, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:  322756 How to backup and restore the registry in Windows

To enable or disable SMBv1 on the SMB server, configure the following registry key:

Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\ParametersRegistry entry: SMB1
REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled
Default: 1 = Enabled

Windows Vista, Windows 7, and Windows 8:

  • To disable SMBv1 on the SMB client, run the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

  • To enable SMBv1 on the SMB client, run the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb10 start= auto

Source: Microsoftzdnettechnet.microsoftredmondmagtop-password, techtargetwindowsitpro

Free Network Diagram Tools

At some point, every administrator will need to diagram a network. For some, it’s their primary duty — and they tend to rely on powerful, expensive tools like Microsoft Visio. But for those who need to use a diagramming tool only occasionally, a cheaper solution is best.

Below are the best free best tools to use in Small business centers and for occasional users.

These tools could be used to create diagrams, network diagrams, flowcharts, schemas, maps and so much more. You can use predefined blocks, primitive shapes, raster, and vector images.

1. LibreOffice Draw: 

Draw is part of the LibreOffice suite, an open-source alternative to Microsoft Office. Side-by-side, Draw is similar to Visio in terms of functionality—offering the ability to create basic or complex diagrams, anything from flowcharts and organizational charts to network diagrams and 3D sketches.

LibreOffice Draw runs on Windows, Linux, and Mac OS X.

Tip: LibreOffice Portable lets you run any of the tools from a USB, local hard drive, or the cloud.

To get started, you will need to download and apply a network topology icons pack, available in the form of an extension. A couple of popular ones are VRT Network Equipment and Cisco Network Topology Icons

Network Diagram

To apply for the VRT Network Equipment icons, go to Tools > Extension Manager > Add > choose the extension file you downloaded and it will be added automatically to your extension list.

Alternatively, if you have your own icons or images you wish to use in your diagram, you can add them to your gallery. Open the Gallery by clicking on the icon on the right-hand side, or going to Insert > Media > Clipart Gallery. Here, you can create a New Theme folder and add your images or icons to that folder.

To add Cisco Network Topology Icons, download PMS 3015: EPS (14 MB) from the Cisco website.  To apply for the Cisco network icons, please do it as per the explanation is given below video.

For portable version :


2. CADE:

CADE is a compact but powerful 2D vector editor for Windows. It includes basic Visio functionality and could be used to create diagrams, network diagrams, flowcharts, schemas, maps and so much more.

Free sample diagrams are available to help you get started.

CADE is available for free download.

3. is a free, cloud-based, online diagramming software solution that allows you to create basic network diagrams from a user-friendly interface. You can save directly to Google Drive, Dropbox, OneDrive, or your own device and export the finished product in PNG, SVG, HTML, PDF, or XML format.

Click More Shapes, on the bottom left-hand side, to choose more shapes from pre-defined categories. The Scratchpad allows you to add your own images by dragging and dropping, importing from a file, or specifying an image URL.

4. Dia:

Dia is an open source, GTK+ diagramming tool that has a shallow learning curve and can help you create basic network diagrams. Like CADE, Dia was inspired by Visio — but with a much more casual approach and feel. Dia loads and saves XML-formatted documents that are gziped by default to save space. Dia is also available for Linux, Mac, and Windows.

5. yED:

yEd is freely available and runs on all major platforms: windows, Unix/Linux, and Mac OS X.  It has a great user interface and features diagram creation, auto-layout, data import (GraphML, Excel XLS, GEDCOM, GML, XML), and data export (PDF, SWF, JPG, GIF, BMP, and HTML image maps). The auto-layout feature is particularly cool. It uses a wide range of sophisticated layout algorithms to automatically arrange your diagrams, saving you time and effort.

6. Diagram Designer:

Diagram Designer is another freeware tool that suffers (like Dia) from looking a bit on the outdated side. But Diagram Designer’s ease of use should certainly make up for the old-school feel of the application. DD features include customizable template objects, a spell checker, import/export (WMF, EMF, BMP, JPEG, PNG, MNG, ICO, GIF, and PCX), a slideshow viewer, a graph plotter, a calculator, MeeSoft Image Analyzer integration, and compressed file format.

Source: neweggbusiness, solarwindsmsptechrepublic

WannaCry Ransomware

A massive ransomware campaign hit computer systems of hundreds of private companies and public organizations across the globe – which is believed to be the most massive ransomware delivery campaign to date.
The Ransomware in question has been identified as a variant of ransomware known as WannaCry (also known as ‘Wana Decrypt0r,’ ‘WannaCryptor’ or ‘WCRY’).


What is WannaCry?

Generally, WannaCry comes in two parts. First, it’s an exploit whose purposes are infection and propagation. The second part is an encryptor that is downloaded to a computer after it has been infected.

The first part is the main difference between WannaCry and the majority of encryptors. To infect a computer with a common encryptor, a user has to make a mistake, for example by clicking a suspicious link, allowing Word to run a malicious macro, or downloading a suspicious attachment from an e-mail message. A system can be infected with WannaCry without the user doing anything.

WannaCry-infection-flow02The vulnerability used in this attack (code named EternalBlue) was among those leaked by the Shadow Brokers group. The vulnerability was exploited to drop a file on the vulnerable system, which would then be executed as a service. This would then drop the actual ransomware file onto the affected system, encrypting files with the .WNCRY extension. (A separate component file for displaying the ransom note would also be dropped.) Files with a total of 176 extensions, including those commonly used by Microsoft Office, databases, file archives, multimedia files, and various programming languages.

PropagationIf WannaCry/Wcry entered an organization’s network, it could spread within it very rapidly. Any machine or network that has exposed port 445 to the internet is at risk as well. EternalBlue exploit works over the Internet without requiring any user interaction.

How widespread is the damage?

The attack has been found in 150 countries, affecting 200,000 computers, according to Europol, the European law enforcement agency. FedEx, Nissan, and the United Kingdom’s National Health Service were among the victims.

What is the killswitch?

The worm-spreading part of the WannaCry – which is designed to infect other computers — has a special check at the beginning. It tries to connect to a hardcoded website on the Internet and if the connection FAILS, it continues with the attack. If the connection WORKS, it exits. Thus, by registering this domain and pointing it to a sinkhole server, a researcher from the U.K. successfully slowed the spread of the worm.

British IT expert Marcus Hutchins who has been branded a hero for slowing down the WannaCry global cyber-attack sits in front of his workstation during an interview in Ilfracombe, England, Monday, May 15, 2017. ( Image source: AP)

On the one hand, it does stop further spread of the infection. However, only if the worm is able to connect to the Internet. Many corporate networks have firewalls blocking internet connections unless a proxy is used. For these, the worm will continue to spread in the local network. On the other hand, there is nothing stopping the attackers from releasing a new variant that does not implement a killswitch.

Killswitch Domain

The second domain was sinkholed by Matt Suiche of Comae Technologies, who reported stopping about 10,000 infections from spreading further:

We should thank below given people for saving millions of computers from getting hacked:

  • MalwareTech— very skilled 22-years-old malware hunter (Marcus Hutchins) who first discovered that here’s a kill-switch, which if used could stop ongoing ransomware attack.
  • Matthieu Suiche— security researcher who discovered the second kill-switch domain in a WannaCry variant and prevent nearly 10,000 computers from getting hacked.
  • Costin Raiu— security researcher from Kaspersky Lab, who first found out that there are more WannaCry variants in the wild, created by different hacking groups, with no kill-switch ability.

Not only this, Benjamin DelpyMohamed Saherx0rzMalwarebytesMalwareUnicorn, and many others.

Multiple security researchers have claimed that there are more samples of WannaCry out there, with different ‘kill-switch’ domains and without any kill-switch function, continuing to infect unpatched computers worldwide.

How to Protect Yourself from WannaCry Ransomware?

Here are some simple tips you should always follow because most computer viruses make their ways into your systems due to lack of simple security practices:

1. Always Install Security Updates

If you are using any version of Windows, except Windows 10, with SMB protocol enabled, make sure your computer should always receive updates automatically from the Microsoft, and it’s up-to-date always.

2. Patch SMB (Server Message Block) Vulnerability

Since WannaCry has been exploiting a critical SMB remote code execution vulnerability (CVE-2017-0148) for which Microsoft has already released a patch (MS17-010) in the month of March, you are advised to ensure your system has installed those patches.

Moreover, Microsoft has been very generous to its users in this difficult time that the company has even released the SMB patches (download from here) for its unsupported versions of Windows as well, including Windows XP, Vista, 8, Server 2003 and 2008.

Note: If you are using Windows 10, you are not vulnerable to SMB vulnerability.

3. Disable SMB

Even if you have installed the patches, you are advised to disable Server Message Block version 1 (SMBv1) protocol, which is enabled by default on Windows, to prevent against WannaCry ransomware attacks.

Here’s the list of simple steps you can follow to disable SMBv1:

  1. Go to Windows’ Control Panel and open ‘Programs.’
  2. Open ‘Features’ under Programs and click ‘Turn Windows Features on and off.’
  3. Now, scroll down to find ‘SMB 1.0/CIFS File Sharing Support’ and uncheck it.
  4. Then click OK, close the control Panel, and restart the computer.

4. Enable Firewall & Block SMB Ports

Always keep your firewall enabled, and if you need to keep SMBv1 enabled, then just modify your firewall configurations to block access to SMB ports over the Internet. The protocol operates on TCP ports 137, 139, and 445, and over UDP ports 137 and 138.

5. Use an Antivirus Program

An evergreen solution to prevent against most threats is to use a good antivirus software from a reputable vendor and always keep it up-to-date.

Almost all antivirus vendors have already added detection capability to block WannaCry, as well as to prevent the secret installations from malicious applications in the background.

6. Be Suspicious of Emails, Websites, and Apps

Unlike WannaCry, most ransomware spread through phishing emails, malicious adverts on websites, and third-party apps and programs.

So, you should always exercise caution when opening uninvited documents sent over an email and clicking on links inside those documents unless verifying the source to safeguard against such ransomware infection.

Also, never download any app from third-party sources, and read reviews even before installing apps from official stores.

7. Regular Backup your Files:

To always have a tight grip on all your important documents and files, keep a good backup routine in place that makes their copies to an external storage device which is not always connected to your computer.

That way, if any ransomware infects you, it cannot encrypt your backups.

8. Keep Your Knowledge Up-to-Date

There’s not a single day that goes without any report on cyber-attacks and vulnerabilities in popular software and services, such as Android, iOS, Windows, Linux and Mac Computers as well.

So, it’s high time for users of any domain to follow day-to-day happening of the cyber world, which would not only help them to keep their knowledge up-to-date but also prevent against even sophisticated cyber-attacks.

What to do if WannaCry infects you?

Well, nothing.

If WannaCry ransomware has infected you, you can’t decrypt your files until you pay a ransom money to the hackers and get a secret key to unlock your file.

Never Pay the Ransom:

It’s up to the affected organizations and individuals to decide whether or not to pay the ransom, depending upon the importance of their files locked by the ransomware.

But before making any final decision, just keep in mind: there’s no guarantee that even after paying the ransom, you would regain control of your files.

Moreover, paying ransom also encourages cyber criminals to come up with similar threats and extort money from the larger audience.

So, sure shot advice to all users is — Don’t Pay the Ransom.

“Given the high profile of the original attack, it’s going to be no surprise at all to see copycat attacks from others, and perhaps other attempts to infect even more computers from the original WannaCry gang. The message is simple: Patch your computers, harden your defences, run a decent anti-virus, and – for goodness sake – ensure that you have secure backups.” Cyber security expert Graham Cluley told The Hacker News.

Source: thehackernews, indianexpresskaspersky,  securelisttrendmicro, Microsoft


Ransomware is a sophisticated piece of malware that blocks the victim’s access to his/her files.

There are two types of ransomware in circulation:

Encrypting ransomware, which incorporates advanced encryption algorithms. It’s designed to block system files and demand payment to provide the victim with the key that can decrypt the blocked content. Examples include CryptoLockerLockyCrytpoWall and more.

Locker ransomware, which locks the victim out of the operating system, making it impossible to access the desktop and any apps or files. The files are not encrypted in this case, but the attackers still ask for a ransom to unlock the infected computer.

Examples include the police-themed ransomware or Winlocker.

Ransomware Statistics 2016 [Infographic]


Source: armadacloud, Trendmicro

Nobel Prize of Computing

The ACM A.M. Turing Award is an annual prize given by the Association for Computing Machinery (ACM) to “an individual selected for contributions of a technical nature made to the computing community”. It is stipulated that the contributions “should be of lasting and major technical importance to the computer field”.

According to the Nobel Foundation: “The Nobel Prizes, as designated in the Will of Alfred Nobel, are in physics, chemistry, physiology or medicine, literature, and peace. so, there was no Nobel for Computer Science.

The Turing Award is generally recognized as the highest distinction in computer science and the “Nobel Prize of computing“.

ACMThe award is named after Alan Turing, a British mathematician and reader in mathematics at the University of Manchester. Turing is often credited as being the key founder of theoretical computer science and artificial intelligence.

From 2007 to 2013, the award was accompanied by a prize of US $250,000, with financial support provided by Intel and Google.

Since 2014, the award has been accompanied by a prize of US $1 million, with financial support provided by Google Inc.

The first recipient, in 1966, was Alan Perlis, of Carnegie Mellon University.

The first female recipient was Frances E. Allen of IBM in 2006.

Dabbala Rajagopal “Raj” Reddy is an Indian-American computer scientist is the first person of Asian origin to receive the Turing Award, in 1994, for his work in the field of Artificial Intelligence.

Turing Award 2016 winner:

Sir Tim Berners-Lee, Inventor of the Web

ACM named Sir Tim Berners-Lee, a Professor at Massachusetts Institute of Technology and the University of Oxford, the recipient of the 2016 ACM A.M. Turing Award.

TimBerners-Lee was cited for inventing the World Wide Web, the first web browser, and the fundamental protocols and algorithms allowing the Web to scale. Considered one of the most influential computing innovations in history, the World Wide Web is the primary tool used by billions of people every day to communicate, access information, engage in commerce, and perform many other important activities.

“The idea of a web of knowledge originated in a brilliant 1945 essay by Vannevar Bush. Over the next decades, several pieces of the puzzle came together: hypertext, the Internet, personal computing. But the explosive growth of the Web started when Tim Berners-Lee proposed a unified user interface to all types of information supported by a new transport protocol. This was a significant inflection point, setting the stage for everyone in the world, from high schoolers to corporations, to independently build their Web presences and collectively create the wonderful World Wide Web.”

Berners-Lee invented several integrated tools that would underpin the World Wide Web, including:

  • Uniform Resource Identifier (URI) that would serve to allow any object (such as a document or image) on the Internet to be named, and thus identified
  • Hypertext Transfer Protocol (HTTP) that allows for the exchange, retrieval, or transfer of an object over the Internet
  • Web browser, a software application that retrieves and renders resources on the World Wide Web along with clickable links to other resources, and, in the original version, allowed users to modify web pages and make new links
  • Hypertext Markup Language (HTML) that allows web browsers to translate documents or other resources and render them as multimedia web pages.

Berners-Lee launched the world’s first website,, on August 6, 1991. which can still be visited today even after more than two decades of its creation.

In short, the Web is what it is today because of Sir Tim’s brilliant design, based on his synthesis of several key ideas and his technical leadership. The ACM recognizes Sir Tim with the Turing Award for this enduring contribution to the computing community.

ACM will present the 2016 A.M. Turing Award at its annual Awards Banquet on June 24 in San Francisco, California.

Complete listing of A.M. Turing Award Laureates.

Source: Wikipedia,  amturing.acm, network world, the hackernews

Robert Taylor: Computer & Internet pioneer

Robert William Taylor, known as Bob Taylor a computer scientist who was instrumental in the creation of the internet and modern computer, has died on Thursday, April 13, 2017, He was 85.

Robert Taylor

Biographical Synthesis:

Robert William Taylor was born on February 10, 1932, in Dallas (Texas) and was adopted by Rev. Reymond Taylor, a Methodist minister, and his wife Audrey.

He earned his bachelor’s and master’s degrees in experimental psychology from the University of Texas at Austin. It was there while working on his master’s thesis in experimental psychology, Taylor was dismayed to find that computers of the day were focused on arithmetic and business data processing. They were not interactive; they were clumsy to use and were severely limited in their application. He soon chose to dedicate his career to re-defining computing with a focus on interactive communication, networking, and search technology.

Computer related contributions:
  • Project Manager for NASA (National Aeronautics and Space Administration) in 1961. He directed funding to Douglas Engelbart at the Stanford Research Institute, later called SRI International, who helped develop the modern computer mouse.
  • Director of ARPA‘s (Advanced Research Projects Agency)Information Processing Techniques Office from 1965 through 1969. At that time, ARPA funded most of the nation’s computer systems research. Taylor’s ARPA work is best known for his initiation of the ARPAnet, for sponsoring the continued development of interactive computing, and for funding the research base that was necessary to the creation of the nation’s first Ph.D. granting computer science departments. 
  • In 1968 Mr. Taylor and Dr.Licklider wrote a paper together, “The Computer as a Communications Device“, which drew the broad outlines of how computer networks might transform society.
  • Founder and manager of Xerox PARC‘s (Palo Alto Research Center) Computer Science Laboratory (CSL) from 1970 through 1983. CSL researchers became known worldwide for a number of important innovations necessary to the creation of the Internet. CSL invented and built Ethernet, the laser printer, and the PUP (PARC Universal Packet) protocol. PUP was introduced seven years in advance of the implementation of the Internet protocol, TCP/IP. Within Xerox, all of these technologies enabled the construction of the first internet.

    CSL also designed and built the Alto, the first networked personal computer. It was the first to support a graphical user interface, complete with mouse and a WYSIWYG (What You See Is What You Get) word processor and which was the antecedent of Microsoft Word. The Alto also contained an early page description language, the antecedent of Adobe’s Postscript. 

    In the 1970s, a number of companies essential to the building of the Internet outside Xerox did not exist: Adobe, Apple, Cisco, Microsoft, Sun, and 3Com were among them. In the 1980s, the early products from all these new companies were based primarily on software and technology created in CSL. All of this work occurred during the period of 1970 to 1983 when Taylor led CSL.

  • Founder and manager of Digital Equipment Corporation’s Systems Research Center (SRC) until 1996. SRC also became a world-class research center. It was best known for advancing distributed personal computing, high-performance/high-reliability local area networks, and search engine technology. The Alta Vista search engine created two years before Google. Taylor retired in 1996
Honors and awards:
  • National Academy of Engineering Draper Prize (2004)
  • National Medal of Technology and Innovation (1999)
  • ACM Software Systems Award (1984)

“The Internet is not about technology; it’s about communication. The Internet connects people who have shared interests, ideas, and needs, regardless of geography.”

Mr. Taylor died of complications of Parkinson’s disease, on Thursday, April 13, 2017

Source: computerhope, computerhistory, wikipedia, ecured, nytimes, theguardian, seattletimes