Recommendations for configuring SMB signing

Contributors

You can configure SMB signing behavior between SMB clients and the CIFS server to meet your security requirements. The settings you choose when configuring SMB signing on your CIFS server are dependent on what your security requirements are.

You can configure SMB signing on either the client or the CIFS server. Consider the following recommendations when configuring SMB signing:

If…​ Recommendation…​

You want to increase the security of the communication between the client and the server

Make SMB signing required at the client by enabling the Require Option (Sign always) security setting on the client.

You want all SMB traffic to a certain storage virtual machine (SVM) signed

Make SMB signing required on the CIFS server by configuring the security settings to require SMB signing.

See Microsoft documentation for more information on configuring Windows client security settings.