Using SMB Packet Signing

Although SMB packet signing does not encrypt data, it does digitally sign Server Message Block (SMB) packets to ensure that the data has not been changed while in transit. The Management Server uses the SMB port (TCP/UDP 445) to deliver the files needed for agent installation on remote computers and for updating agent settings after installation.

You can configure SMB packet signing by enabling the "Microsoft network client: Digitally sign communications (always)" and the "Microsoft network server: Digitally sign communications (always)" options. These options configure Windows 2000 to require the SMB server to perform SMB packet signing.

Enabling both of these options can mitigate "man-in-the-middle" attacks using SMB packets. These options can be configured using the Global or Local Policy snap-in for the MMC.
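
To confirm that both options actually took effect on a computer, the following added example (not part of the original documentation) audits a security template exported with secedit /export. It assumes the template's [Registry Values] section and the RequireSecuritySignature and EnableSecuritySignature registry values behind the "(always)" and "(if ... agrees)" options; the sample template and the function names are constructed for illustration.

```python
BASE = "machine\\system\\currentcontrolset\\services\\"

# Constructed sample in the INF format written by "secedit /export".
SAMPLE = r"""[Unicode]
Unicode=yes
[Registry Values]
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1
[Version]
signature="$CHICAGO$"
"""

def parse_registry_values(template_text):
    """Return {lower-cased key path: int} for REG_DWORD entries (type 4)."""
    values, in_section = {}, False
    for raw in template_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[registry values]"
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue
        key, _, data = line.partition("=")
        reg_type, _, value = data.partition(",")
        if reg_type.strip() == "4":
            values[key.strip().lower()] = int(value.strip())
    return values

def smb_signing_state(template_text):
    """Classify client and server signing as required, negotiated or off."""
    values = parse_registry_values(template_text)
    state = {}
    for role, service in (("client", "lanmanworkstation"),
                          ("server", "lanmanserver")):
        prefix = BASE + service + "\\parameters\\"
        if values.get(prefix + "requiresecuritysignature") == 1:
            state[role] = "required"        # the "(always)" option is enabled
        elif values.get(prefix + "enablesecuritysignature") == 1:
            state[role] = "negotiated"      # signs only if the peer agrees
        else:
            state[role] = "off or undefined"
    return state

if __name__ == "__main__":
    for role, result in smb_signing_state(SAMPLE).items():
        print(f"SMB {role} signing: {result}")
```

Only a result of "required" for both the client and the server matches the configuration described above; "negotiated" means an unsigned session is still accepted when the other side does not sign.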