Information
File sharing from a user workstation creates additional risks, such as:
Open ports are created that can be probed and attacked
Passwords are attached to user accounts for access that may be exposed and endanger other parts of the organizational environment, including directory accounts
Increased complexity makes security more difficult and may expose additional attack vectors
Apple's File Sharing uses the Server Message Block (SMB) protocol to share to other computers that can mount SMB shares. This includes other macOS computers.
Apple warns that SMB sharing stored passwords is less secure, and anyone with system access can gain access to the password for that account. When sharing with SMB, each user accessing the Mac must have SMB enabled. Storing passwords, especially copies of valid directory passwords, decrease security for the directory account and should not be used.
Rationale:
By disabling File Sharing, the remote attack surface and risk of unauthorized access to files stored on the system is reduced.
Impact:
File Sharing can be used to share documents with other users, but hardened servers should be used rather than user endpoints. Turning on File Sharing increases the visibility and attack surface of a system unnecessarily.
Solution
Graphical Method:
Perform the following steps to disable File Sharing:
Open System Preferences
Select Sharing
Set File Sharing to disabled
Terminal Method:
Run the following command to disable File Sharing:
$ /usr/bin/sudo /bin/launchctl disable system/com.apple.smbd