Share files securely over the Internet (SMB over QUIC)

  • SMB over QUIC encapsulates SMB in QUIC with TLS 1.3, which avoids exposing TCP port 445 and provides robust, encrypted remote access.
  • Deployment requires a compatible Windows Server, Windows 11 clients, suitable TLS certificates, correct DNS, and firewall rules for UDP 443.
  • Advanced features such as KDC proxy, client certificate access control, and detailed auditing strengthen the security of the environment.
  • Combining SMB over QUIC with network segmentation, a strict firewall, and disabling SMB where it is not used reduces risk.

In this context, SMB over QUIC is a kind of modern "SMB VPN" that wraps the classic Windows file-sharing protocol inside QUIC, using TLS 1.3 encryption and better resilience on unreliable networks, which completely changes how we use shared resources over the Internet. This article covers in detail how it works, what you need to configure it, how to manage it, and how to harden the security of your environment.

What is SMB over QUIC and why is it a game changer?

SMB over QUIC is an evolution of the SMB transport that replaces the classic TCP 445 with QUIC on UDP 443. Instead of exposing the traditional SMB port to the Internet, a secure tunnel with TLS 1.3 over QUIC is established, so that all packets are encrypted and authenticated from the very start.

The QUIC protocol, standardized by the IETF, offers clear advantages over TCP: encryption is mandatory for all packets, the handshake uses authenticated TLS 1.3, it allows reliable and unreliable parallel streams over a single connection, it can send application data at 0-RTT to reduce initial latency, it improves congestion control and loss recovery, and it supports changes of IP address or port without dropping the session.

When SMB runs inside this QUIC tunnel, SMB traffic (including authentication, authorization, and data) is never exposed in clear text to the underlying network. The client sees a normal SMB share, with multichannel, signing, compression, continuous availability, directory leasing, and the other usual features, but everything travels encrypted and encapsulated over UDP port 443, which is far more compatible with firewalls and public networks.

In practice, SMB over QUIC provides a true VPN for files, designed for teleworkers, mobile devices, branch offices, and organizations with high security requirements. The user works as if on the internal network, but without setting up a general-purpose VPN and without opening port 445 to the outside.

Key point: SMB over QUIC is not active on its own. The administrator must enable it on the file server. SMB clients on Windows still use TCP by default and only try QUIC if the initial TCP attempt fails, or if the transport is forced with commands such as NET USE /TRANSPORT:QUIC or New-SmbMapping -TransportType QUIC.

Requirements for deploying SMB over QUIC

Before starting anything, check the basic infrastructure requirements. They are not particularly complex, but it is still worth stating them clearly to avoid needless mistakes during setup.

For the SMB server, you must run an edition that supports QUIC, such as Windows Server 2022 Datacenter: Azure Edition or later, configured as an edge file server or similar. It can also be used in Azure on-premises scenarios and in later versions such as Windows Server 2025.

On the client side, Windows 11 Enterprise edition is required, since the SMB over QUIC capability is aimed at corporate environments. The device must be able to resolve the server name through DNS or, failing that, the name must be defined in its HOSTS file.

For identity, the recommended scenario is for the SMB server and the client to be joined to an Active Directory domain. The server must be able to reach at least one domain controller for authentication, although these controllers do not need Internet access. Workgroup configurations with local accounts and NTLM are also supported, as are servers joined to Microsoft Azure IaaS, but with some limitations in remote security functionality.

For connectivity, the server must be reachable from the Internet through its public interface, with a firewall rule that allows inbound UDP/443 traffic. It is essential not to expose TCP port 445 to the Internet; if you need other ports, Microsoft lets you change the SMB port configuration, but the basic idea is: UDP 443 yes, TCP 445 no.

On the security side, you need a public key infrastructure (PKI) that issues valid certificates for the QUIC server. This can be Active Directory Certificate Services or a trusted external authority (DigiCert, GlobalSign, Let's Encrypt with the appropriate profile, and so on). And, of course, the administrator who will configure SMB over QUIC must have administrative rights on the server.

Server-side installation and configuration

Certificates for SMB over QUIC

The central security element in SMB over QUIC is the server's TLS certificate. Without a correctly issued and installed certificate, the QUIC tunnel will not be established properly and the client will not trust the connection.

That certificate must meet some specific technical requirements: digital signature key usage, server authentication purpose (EKU 1.3.6.1.5.5.7.3.1), a signature algorithm of at least SHA256RSA, a SHA256 hash or stronger, and a public key that is preferably ECDSA_P256 (although RSA with at least 2048 bits is supported). In addition, the Subject Alternative Name (SAN) must contain all the DNS entries that will be used to reach the SMB server.

The certificate must include its associated private key and be issued by an authority that clients recognize as trusted. The issuer CN field is flexible, but the chain of trust must be valid and complete. In environments with a Microsoft corporate CA, it is common to create a dedicated template for SMB over QUIC and to let administrators specify the DNS names when requesting the certificate.

In scenarios with a Microsoft Enterprise CA, the usual procedure is to open MMC on the server, add the Certificates snap-in for the computer account, and, in the Personal store, start a new certificate request. The Active Directory enrollment policy is selected, the appropriate template is chosen, and the Subject and SAN fields are filled in with the DNS names that clients will use.

Once enrollment completes, the certificate appears in the local computer store. From then on it can be used both for SMB over QUIC and for supporting roles such as KDC proxy, if you choose to use it later.
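
The requirements in this section can be checked before binding a certificate. The following is an added example, not part of the original article; the function name is hypothetical and fsedge1.contoso.com is the sample host name used later in the article.

```powershell
# Added example: audits Cert:\LocalMachine\My against the requirements above.
$ExpectedDnsNames = @('fsedge1.contoso.com')   # sample name from this article
$ServerAuthOid    = '1.3.6.1.5.5.7.3.1'        # EKU: server authentication

function Test-QuicServerCertificate {
    param([Parameter(Mandatory)] $Cert, [string[]] $DnsNames, [string] $EkuOid)

    $problems = New-Object System.Collections.Generic.List[string]

    if (-not $Cert.HasPrivateKey) { $problems.Add('no private key in the store') }
    $now = Get-Date
    if ($now -lt $Cert.NotBefore -or $now -gt $Cert.NotAfter) {
        $problems.Add('outside its validity period')
    }

    # Key usage extension must include digitalSignature.
    $ku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
    $digSig = [int][System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature
    if (-not $ku -or (([int]$ku.KeyUsages -band $digSig) -eq 0)) {
        $problems.Add('key usage lacks digitalSignature')
    }

    # Enhanced key usage must include server authentication.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $ekuOids = @(if ($eku) { $eku.EnhancedKeyUsages | ForEach-Object { $_.Value } })
    if ($ekuOids -notcontains $EkuOid) { $problems.Add("EKU $EkuOid missing") }

    # Signature must not be based on MD5 or SHA-1.
    $sigAlg = $Cert.SignatureAlgorithm.FriendlyName
    if ($sigAlg -match '^(md5|sha1)') { $problems.Add("weak signature algorithm: $sigAlg") }

    # Public key: ECDSA P-256 preferred, RSA accepted from 2048 bits.
    $ecdsa = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::GetECDsaPublicKey($Cert)
    $rsa   = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Cert)
    if ($ecdsa) {
        if ($ecdsa.KeySize -lt 256) { $problems.Add("ECDSA key too small: $($ecdsa.KeySize)") }
    } elseif ($rsa) {
        if ($rsa.KeySize -lt 2048) { $problems.Add("RSA key too small: $($rsa.KeySize)") }
    } else {
        $problems.Add('public key is neither ECDSA nor RSA')
    }

    # DnsNameList comes from the PowerShell certificate provider. It can also
    # carry the subject CN, so confirm SAN-only coverage in the certificate details.
    $names = @($Cert.DnsNameList | ForEach-Object { $_.Unicode })
    foreach ($n in $DnsNames) {
        if ($names -notcontains $n) { $problems.Add("DNS name not covered: $n") }
    }

    [pscustomobject]@{
        Thumbprint = $Cert.Thumbprint
        Subject    = $Cert.Subject
        NotAfter   = $Cert.NotAfter
        Compliant  = ($problems.Count -eq 0)
        Problems   = ($problems -join '; ')
    }
}

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    Test-QuicServerCertificate -Cert $_ -DnsNames $ExpectedDnsNames -EkuOid $ServerAuthOid
} | Format-List
```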

Configuring SMB over QUIC on the server

Once the certificate is ready, it is time to enable and configure SMB over QUIC. Microsoft lets you do this from Windows Admin Center (WAC) and from PowerShell, depending on your preferences and the system version.

When the feature is enabled, the server binds the selected TLS certificate to the QUIC endpoint that will listen on UDP 443. From then on, clients capable of SMB over QUIC can establish an encrypted tunnel to the server as long as they resolve the DNS name in the certificate and can reach port 443/UDP.

Windows Admin Center usually has a "Configure" button or similar for SMB over QUIC. However, there are reported cases where the button does not respond, usually because of outdated WAC versions, broken extensions, or unmet requirements (for example, the machine may not be Azure Edition, roles may be missing, or the certificate may not be valid). In these cases it is advisable to check versions, confirm that the server meets the requirements, and, if necessary, continue the configuration using PowerShell.

Beyond the basic configuration, it is possible to apply access policies to restrict which clients can use QUIC, combine it with Azure Automanage to manage certificates and monitor configuration state, and integrate it with other advanced features such as client access control and KDC proxy.

Connecting clients to SMB over QUIC shares

For the end user, the idea is that access should be as transparent and familiar as possible, as if they were inside the corporate network. However, there are several configuration points that need to be checked.

The first step is to join the Windows 11 device to the domain (if possible) and make sure that the server DNS names defined in the certificate SAN match the records in DNS or the HOSTS file. From outside the internal network, the client will not see private IPs, so the externally published name must be used, or, alternatively, use OneDrive to share files in scenarios where publishing SMB shares is not possible.

For testing, it is advisable to move the machine to an external network where there is no direct access to the domain or to internal IPs. This confirms that access takes place over QUIC and not through the classic LAN path.

From Windows File Explorer, you can type the UNC path to the shared resource, such as \\fsedge1.contoso.com\ventas, and confirm that you can access it without problems. If you want to explicitly force the use of QUIC, you can use commands such as NET USE /TRANSPORT:QUIC or New-SmbMapping -TransportType QUIC, specifying the desired UNC path.

For example, the mapping command can try TCP first and, if that fails, switch to QUIC, or it can be restricted to QUIC only. New-SmbMapping also makes it easy to assign drive letters to remote resources, which is convenient for users accustomed to working with classic network drives.

Auditing and monitoring SMB over QUIC

Once SMB over QUIC is in operation, it is important to have visibility into who is connecting, how, and from where. To that end, Microsoft has built auditing capabilities into both the client and the server.

In Windows 11 (starting with version 24H2), the SMB client includes specific events for the QUIC transport. Event Viewer lets you see these logs under Applications and Services Logs\Microsoft\Windows\SMBClient\Connectivity, where events such as ID 30832, related to SMB over QUIC connections, are recorded.

On the SMB server, you can enable more detailed auditing with Set-SmbServerConfiguration -AuditClientCertificateAccess $true. From then on, Applications and Services Logs\Microsoft\Windows\SMBServer\Audit shows events that report whether access was allowed or denied, including client certificate data (subject, issuer, serial number, SHA1 and SHA256 hash) and the access control rules that were applied.

These events include a connection identifier, which makes it easy to correlate what is seen on the client with what is logged on the server. This simplifies troubleshooting when something fails or when you need to investigate suspicious behavior after the fact.

Using KDC proxy as an option to preserve Kerberos

By design, when a client connects from the Internet to an SMB over QUIC server, it usually cannot reach the Active Directory domain controllers directly. In that case, authentication typically falls back to NTLMv2, with the file server authenticating on the client's behalf, always inside the QUIC tunnel encrypted with TLS 1.3.

Although NTLMv2 is protected inside the tunnel and never reaches the network in clear text, security best practice recommends continuing to use Kerberos whenever possible and avoiding new NTLMv2 dependencies. This is where KDC proxy comes in, forwarding Kerberos ticket requests on behalf of the user over an Internet-friendly HTTPS channel.

To configure it, the following is first set up on the file server: an HTTP URL reservation for the proxy service is made with NETSH, the KPSSVC service registry values are adjusted to allow the required authentication type, and the thumbprint of the SMB over QUIC certificate is bound to the HTTPS endpoint 0.0.0.0:443 with Add-NetIPHttpsCertBinding.

It is also important to add the alternative names of the SMB over QUIC server as SPNs in Active Directory, for example using NETDOM, so that the server can correctly represent the service identities in Kerberos. Finally, the KDC proxy service is set to start automatically and is started.

On the client side, a group policy is configured under Computer Configuration\Administrative Templates\System\Kerberos\Specify KDC proxy servers for Kerberos clients, where the internal domain (for example, corp.contoso.com) is mapped to the external HTTPS URL of the QUIC server (for example, https fsedge1.contoso.com:443:kdcproxy/). This way, the client knows that when a user from that domain connects to the externally published file server, it must use the KDC proxy to obtain tickets.

Managing the certificate lifecycle in SMB over QUIC

Certificates do not last forever, and with SMB over QUIC every renewal brings a new thumbprint. Even when automatic renewal mechanisms are used with Active Directory Certificate Services, the fact that the thumbprint changes means that the certificate mapping in the QUIC configuration must be updated.

When the certificate is about to expire or has been renewed, you must reselect the certificate in Windows Admin Center for the existing configuration, or use the PowerShell cmdlet Set-SmbServerCertificateMapping pointing to the new thumbprint. If this step is skipped, SMB over QUIC connectivity can break unexpectedly.

To avoid surprises, Microsoft recommends supporting this management with tools such as Azure Automanage for Windows Server. This system monitors certificate status and flags (or even fixes) problems before they take the service down. In high-availability and critical environments, this makes a big difference.
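
Where no such tooling is in place, the renewal check described above can be scripted. This is an added example, not from the original article: the function names and the 30-day threshold are assumptions, and the rebind call uses Set-SmbServerCertificateMapping with the new thumbprint as this section describes.

```powershell
# Added example: run in an elevated session on the file server.
function Get-QuicMappingStatus {
    param([int]$WarnDays = 30)          # assumed warning threshold
    $serverAuth = '1.3.6.1.5.5.7.3.1'   # EKU: server authentication
    $now = Get-Date
    foreach ($map in Get-SmbServerCertificateMapping) {
        $store = "Cert:\LocalMachine\$($map.StoreName)"
        $certs = @(Get-ChildItem $store)
        $bound = $certs | Where-Object { $_.Thumbprint -eq $map.Thumbprint }

        # Newest valid server-auth certificate in the same store covering the mapped name.
        $candidate = $certs | Where-Object {
            $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
            ($_.EnhancedKeyUsageList.ObjectId -contains $serverAuth) -and
            ($_.DnsNameList.Unicode -contains $map.Name)
        } | Sort-Object NotAfter -Descending | Select-Object -First 1

        $state = if (-not $bound) { 'MissingCertificate' }
                 elseif ($bound.NotAfter -lt $now) { 'Expired' }
                 elseif ($bound.NotAfter -lt $now.AddDays($WarnDays)) { 'ExpiringSoon' }
                 else { 'OK' }

        [pscustomobject]@{
            Name                  = $map.Name
            StoreName             = $map.StoreName
            BoundThumbprint       = $map.Thumbprint
            BoundNotAfter         = if ($bound) { $bound.NotAfter } else { $null }
            State                 = $state
            ReplacementThumbprint = if ($candidate) { $candidate.Thumbprint } else { $null }
            ReplacementNotAfter   = if ($candidate) { $candidate.NotAfter } else { $null }
        }
    }
}

function Update-QuicMapping {
    [CmdletBinding(SupportsShouldProcess)]
    param([int]$WarnDays = 30)
    foreach ($s in Get-QuicMappingStatus -WarnDays $WarnDays) {
        # Rebind only when the bound certificate needs attention and a different,
        # valid replacement is already enrolled.
        if ($s.State -eq 'OK') { continue }
        if (-not $s.ReplacementThumbprint) { continue }
        if ($s.ReplacementThumbprint -eq $s.BoundThumbprint) { continue }
        if ($PSCmdlet.ShouldProcess($s.Name, "rebind to $($s.ReplacementThumbprint)")) {
            Set-SmbServerCertificateMapping -Name $s.Name `
                -Thumbprint $s.ReplacementThumbprint -StoreName $s.StoreName
        }
    }
}

Get-QuicMappingStatus | Format-Table Name, State, BoundNotAfter, ReplacementThumbprint
# Preview the rebind without changing anything:
# Update-QuicMapping -WhatIf
```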

Client access control with certificates

Beyond basic authentication, SMB over QUIC can also enforce access control based on client certificates. This is an additional layer of security that restricts which devices can establish the QUIC tunnel with the server, even if they know its credentials.

The mechanism works like this: the server requires the client to present a valid and trusted certificate chain. Based on that chain, an access control list is checked that can contain allow or block entries, both for individual certificates (identified by their SHA256 hash) and for entire issuers (intermediate or root CAs).

For this to work, the client authentication requirement is first enabled with Set-SmbServerCertificateMapping -RequireClientAuthentication $true. Then the allowed or blocked client certificates are registered using cmdlets such as Grant-SmbClientAccessToServer, Revoke-SmbClientAccessToServer, Block-SmbClientAccessToServer, and Unblock-SmbClientAccessToServer.

This model makes it possible, for example, to authorize an entire corporate CA and, at the same time, deny access to a specific certificate considered suspect. Or the opposite: block an entire CA but allow one specific certificate. Deny rules take precedence over allow rules, which helps reduce risk.

From the client's perspective, it is enough that a client authentication certificate (EKU 1.3.6.1.5.5.7.3.2) has been issued into its local store by a CA that the server trusts. The administrator can obtain the certificate's thumbprint or Subject from PowerShell (Get-ChildItem Cert:\LocalMachine\My, filtering by Subject, and so on) and use it later to configure the access list on the server.
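
The "allow a whole CA, block one certificate" case from this section, as an added example that is not part of the original article. The issuer name and the .cer path are constructed sample values, and the function names are hypothetical.

```powershell
# Added example: run in an elevated session on the SMB over QUIC server.
$ServerName  = 'fsedge1.contoso.com'                        # sample name from this article
$CorporateCa = 'CN=Contoso Issuing CA, DC=contoso, DC=com'  # constructed sample issuer
$BlockedCer  = 'C:\Temp\blocked-client.cer'                 # constructed sample path (public certificate only)

function Get-CertificateSha256 {
    # SHA256 over the DER-encoded certificate, as an uppercase hex string.
    param([Parameter(Mandatory)][string]$Path)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    try {
        ($sha.ComputeHash($cert.RawData) | ForEach-Object { $_.ToString('X2') }) -join ''
    } finally {
        $sha.Dispose()
    }
}

function Set-QuicClientAccessPolicy {
    param([string]$Server, [string]$AllowedIssuer, [string]$BlockedCertificatePath)

    if (-not (Test-Path $BlockedCertificatePath)) {
        throw "Certificate file not found: $BlockedCertificatePath"
    }
    $blockedHash = Get-CertificateSha256 -Path $BlockedCertificatePath

    # 1. Require a client certificate on the QUIC endpoint.
    Set-SmbServerCertificateMapping -Name $Server -RequireClientAuthentication $true

    # 2. Allow every certificate issued by the corporate CA.
    Grant-SmbClientAccessToServer -Name $Server -IdentifierType ISSUER -Identifier $AllowedIssuer

    # 3. Block one certificate by hash; deny entries win over the allow entry above.
    Block-SmbClientAccessToServer -Name $Server -IdentifierType SHA256 -Identifier $blockedHash

    # 4. Record allow/deny decisions in the SMBServer\Audit log.
    Set-SmbServerConfiguration -AuditClientCertificateAccess $true -Confirm:$false

    # 5. Return the resulting access list for review.
    Get-SmbClientAccessToServer -Name $Server
}

Set-QuicClientAccessPolicy -Server $ServerName -AllowedIssuer $CorporateCa `
    -BlockedCertificatePath $BlockedCer
```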

Connectivity testing and troubleshooting

A good way to roll out SMB over QUIC is to follow a series of controlled tests before opening it up to the whole organization. This way, certificate, DNS, or firewall problems are found quickly, and guides can be consulted if needed to troubleshoot file access problems.

From the client, you can start by creating a mapping with `NET USE \\server\resource /TRANSPORT:QUIC` or `New-SmbMapping -RemotePath \\server\resource -TransportType QUIC`. If, instead of connecting, you receive a message that the server denied access, it probably means that certificate delivery and QUIC tunnel negotiation are working. However, client access control needs to be configured or permissions need to be reviewed.

At the same time, it is important to review the client connectivity event logs and the server auditing discussed earlier. There you will see successful and failed attempts, with detailed information about the certificate chain and the rules applied in each case.
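
The client-side test above, combined with the event 30832 lookup from the auditing section, as an added example that is not part of the original article. The function name is hypothetical and the UNC path is the article's sample share.

```powershell
# Added example: run on a Windows 11 24H2 client from an external network.
function Test-SmbQuicAccess {
    param([Parameter(Mandatory)][string]$RemotePath)

    $log      = 'Microsoft-Windows-SMBClient/Connectivity'
    $start    = Get-Date
    $hostName = ($RemotePath -replace '^\\\\', '').Split('\')[0]

    # The name must resolve from where the client sits (DNS or HOSTS file).
    $addresses = @(Resolve-DnsName -Name $hostName -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })

    $mapped    = $false
    $errorText = $null
    try {
        # Force QUIC so that a working TCP 445 path cannot hide a QUIC problem.
        New-SmbMapping -RemotePath $RemotePath -TransportType QUIC -ErrorAction Stop | Out-Null
        $mapped = $true
    } catch {
        # An "access denied" style error here usually means the tunnel was
        # negotiated and the refusal comes from access control or permissions.
        $errorText = $_.Exception.Message
    } finally {
        if ($mapped) {
            Remove-SmbMapping -RemotePath $RemotePath -Force -ErrorAction SilentlyContinue
        }
    }

    # QUIC connection events written by the SMB client since the test began.
    $events = @(Get-WinEvent -FilterHashtable @{
        LogName = $log; Id = 30832; StartTime = $start
    } -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        RemotePath  = $RemotePath
        ResolvedTo  = ($addresses -join ', ')
        Mapped      = $mapped
        Error       = $errorText
        QuicEvents  = $events.Count
        LastMessage = if ($events.Count) { $events[0].Message } else { $null }
    }
}

Test-SmbQuicAccess -RemotePath '\\fsedge1.contoso.com\ventas' | Format-List
```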

It is also advisable to verify from the server that the firewall rules allow inbound UDP 443, and TCP 443 in cases where KDC proxy or other associated HTTPS services are used, and that TCP 445 has not been accidentally exposed to the Internet.
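
One way to run that server-side check against the Windows host firewall, as an added example that is not part of the original article (function names are hypothetical). It reads only the local host firewall; perimeter devices have to be reviewed separately.

```powershell
# Added example: run in an elevated session on the file server.
function Test-PortInFilter {
    # LocalPort can be 'Any', a single port, a range such as '137-139', or a list.
    param($LocalPort, [int]$Port)
    foreach ($entry in @($LocalPort)) {
        if ($entry -eq 'Any' -or $entry -eq "$Port") { return $true }
        if ($entry -match '^(\d+)-(\d+)$' -and
            $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

function Get-InboundAllowRule {
    param([ValidateSet('TCP', 'UDP')][string]$Protocol, [int]$Port)
    # ActiveStore includes rules delivered by Group Policy as well as local rules.
    Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True -Action Allow |
        ForEach-Object {
            $rule   = $_
            $filter = $rule | Get-NetFirewallPortFilter
            if ($filter.Protocol -notin @($Protocol, 'Any')) { return }
            if (-not (Test-PortInFilter -LocalPort $filter.LocalPort -Port $Port)) { return }
            $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
            [pscustomobject]@{
                DisplayName   = $rule.DisplayName
                Protocol      = $filter.Protocol
                LocalPort     = ($filter.LocalPort -join ',')
                Profile       = "$($rule.Profile)"
                RemoteAddress = ($remote -join ',')
                # Applies on public networks and is not limited to specific sources.
                OpenToPublic  = ("$($rule.Profile)" -match 'Any|Public') -and
                                ($remote -contains 'Any')
            }
        }
}

function Get-SmbQuicFirewallReport {
    $smb  = @(Get-InboundAllowRule -Protocol TCP -Port 445 | Where-Object OpenToPublic)
    $quic = @(Get-InboundAllowRule -Protocol UDP -Port 443)
    [pscustomobject]@{
        Tcp445OpenToPublic = ($smb.Count -gt 0)    # should be False on an edge server
        Tcp445Rules        = ($smb.DisplayName -join '; ')
        Udp443Allowed      = ($quic.Count -gt 0)   # should be True for SMB over QUIC
        Udp443Rules        = ($quic.DisplayName -join '; ')
    }
}

Get-SmbQuicFirewallReport | Format-List
```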

Best practices for isolating and segmenting SMB traffic

Although SMB over QUIC provides strong protection for file traffic over the Internet, it is still advisable to apply isolation and segmentation measures to reduce the attack surface between devices on the network.

The first guideline is to block inbound TCP port 445 from the Internet at the perimeter firewalls. If you need to expose files at the edge, the secure option is to publish them using SMB over QUIC on UDP port 443, not by directly opening classic SMB connections.

Conversely, blocking outbound TCP port 445 to the Internet prevents internal computers from sending SMB data to uncontrolled external servers. In specific cases such as Azure Files or Office 365 it may be necessary to allow this traffic, and even then it is advisable to route it through VPNs or very strict rules by IP range.

In networks with many devices, it is important to inventory the actual use of SMB. This means reviewing which servers need inbound SMB, which clients need to share files, and which subnets are reachable from each server. Tools such as Get-FileShareInfo can be used for this purpose, along with temporarily enabling file-share auditing to see which shares are actually in use.

Based on this analysis, inbound and outbound firewall rules can be created that block unnecessary SMB traffic and reduce the scope for lateral movement by an attacker who is already inside the network.

Hardening with Windows Defender Firewall and IPsec

Windows Defender Firewall with Advanced Security acts as a second line of defense around SMB traffic. Rules can be created to block inbound and outbound connections by default, allowing only the specific exceptions needed for domain controllers, file servers, and critical services.

A common approach is to define outbound rules that block SMB to any destination except an allow list based on IPs or names, with the action "Allow the connection if it is secure". This option can be configured to use Kerberos authentication and null encapsulation in IPsec, ensuring that only authorized domain users and computers can make use of these exceptions.

For this approach to work, connection security rules must be created on all participating devices, so that the firewall exceptions line up with IPsec. Otherwise, the blocking may end up partial or inconsistent.

In recent versions such as Windows 11 24H2 and Windows Server 2025, Microsoft has adjusted the built-in firewall rules to stop automatically opening the NetBIOS ports (137-139) when SMB2 or later shares are created, reflecting a stricter policy in line with modern usage.

In environments without SMB1, it is strongly recommended to close these legacy ports. They should be reopened manually only where there are hard compatibility dependencies, preferably limiting the scope through specific rules.

Disable the SMB server when it is not needed

Most Windows clients and some servers on the network do not actually need the SMB server service running, since they never share files with other computers. Keeping the service enabled unnecessarily only increases the attack surface.

Before disabling it, it is advisable to check whether any applications or processes depend on it. Once that is confirmed, the SMB server service can be disabled on the selected computers, for example with Group Policy preferences that apply this setting at scale and in a controlled way.

This measure, together with SMB over QUIC for remote access and well-tuned firewall rules, helps build a robust file-sharing architecture in which only the nodes that need to expose SMB do so, and in a much more secure way.

SMB over QUIC makes it possible to offer remote users, branch offices, and mobile devices encrypted file access that tolerates unstable networks and does not rely on traditional VPNs, while certificate tooling, client access control, KDC proxy, firewalling, and network segmentation provide the scaffolding needed for this "SMB VPN" to operate reliably and with security guarantees in a real environment.
