The sixth step: Require SMB signing.
Key point: SMB signing is helpful in preventing the attack from man-in-the-middle.
The seventh step: Intensify network strategy
Key point: Those setups such as “Don’t allow the anon. enum of SAM” should be activated, while those setups such as “Allow nameless SID/Name translation” shouldn’t be activated. Those might be considered as the low-grade security, but they are important component parts in strengthening the safety of Windows system.