I have a computer (Windows) on a network where an industrial process is controlled. There is an option in Local Security Policy >> Local Policies >> Security Options >> "Microsoft network client: Digitally sign communications (always)".
By default, this option should be Disabled on Windows machines but all computers that we receive from the vendor has this feature Enabled, so I can only assume that it is intentional. In order to backup to a NAS, I had to disable this feature.
My question is what might the security concerns be considering that this machine is on a local network where an industrial process is being controlled. From Microsoft's website, I get the impression that it prevents man-in-the-middle attacks that modify SMB packets. Is this the full story?
Aucun commentaire:
Enregistrer un commentaire