Plans of Greenbone to Support SMB Encryption

Greenbone can not perform authenticated scans against a Windows target using SMB Encryption. Currently to perform an authenticated scan with Greenbone we need to use an unencrypted version of SMB. Microsoft states that SMB Encryption protects from man-in-the-middle attacks, so the lack of SMB Encryption is a security risk.

When the community and commercial users can expect to see Greenbone supporting SMB Encryption?

We don’t see details about that in Greenbone’s roadmap.

Please correct me if I am wrong and if there’s a way to enable authenticated scans with SMB Encryption.

@cfi, @Jan

Viele Grüße

References:

  1. Windows Server now supports AES-256-GCM and AES-256-CCM cryptographic suites for SMB encryption.
  2. SMB security enhancements | Microsoft Docs