SMB Protocol

What is the SMB Protocol?

SMB is a file-sharing protocol that allows a client and server to interact and exchange files over a network. It allows the connecting client to view, transfer, write, edit or delete files hosted on a server. It may seem like a trivial task today, but that’s because SMB has been available for decades. SMB was developed by IBM and later contributed to by Microsoft. It is as old as the Windows operating system itself.

Newer versions of SMB are in use today, so let us take a look at how SMB works.

SMB Explained

SMB stands for Server Message Block. It is a request-response based file-sharing system that is the underlying network protocol in the Windows Operating System. The first version of SMB can be traced back to 1985 when it used to run on NetBIOS.

But a lot has changed since then; there are multiple operating systems in the world today, running on a seemingly infinite number of architectures. SMB has adapted to provide reliable and consistent cross-platform communication through an implementation called Samba. So, whether you are running Unix or Linux, Samba allows devices to connect to servers running the SMB protocol.

SMB also provides an environment where a user can find and interact with other devices on the network, such as printers.

Since it is a request-response protocol, initiating communication with a file server is a 3-step process. The client sends a request to the server, the server responds, and then the client starts the transmission after authentication is complete.

History of SMB

The earliest version of SMB can be traced back to 1983. Back then, SMB1 ran on NetBIOS over TCP/IP using port 139. NetBIOS was an API that allowed interaction with the transport layer.

Subsequent versions of SMB dropped the use of NetBIOS and used TCP port 445. The protocol could communicate directly with the TCP/IP layer.

SMB has had several variations that included additions to the SMB protocol. Common Internet File System (CIFS) is a notable variation of SMB used by Windows 2000 and Windows XP. There is confusion around CIFS, and it is often mistaken for a new version of the SMB protocol or something entirely different. When we talk about CIFS, we are still talking about SMB; it's just a different variant.

SMB 2 was introduced with Windows Vista in 2006. SMB was considered a chatty protocol, meaning that it required several back-and-forth exchanges that introduced latency. SMB2 improved on that aspect, as well as on scalability and performance. It optimized the flow by bringing the number of commands down from 100 to 19.

SMB3 was released with Windows 8 and Windows Server 2012. It was again a notable improvement over SMB2, introducing features such as end-to-end encryption. The end-to-end encryption would allow two clients using an SMB server to communicate without decryption occurring at the server. It massively improves privacy over earlier SMB versions.

Microsoft has continued to invest in the protocol, with the latest being SMB 3.1.1, which was released in 2015 with Windows 10 and Windows Server 2015. It further strengthened the security aspect of SMB by introducing pre-authentication integrity to prevent Man-in-the-Middle attacks using the SHA-512 hash key.
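How pre-authentication integrity detects tampering, as an added sketch that is not from the original article: both ends chain every pre-authentication message through SHA-512 and feed the result into the signing-key derivation, so a message altered in transit leaves client and server with different keys. The messages and session key below are constructed placeholders, not real SMB encodings; the hash chain and KDF layout follow the published MS-SMB2 specification, and the final signature step (AES-CMAC in the real protocol) is replaced here by a direct key comparison.

```python
import hashlib
import hmac
import struct

def preauth_hash(messages):
    """Chain H = SHA-512(H || message), starting from 64 zero bytes."""
    h = bytes(64)
    for msg in messages:
        h = hashlib.sha512(h + msg).digest()
    return h

def signing_key(session_key, preauth):
    """SP 800-108 counter-mode KDF (HMAC-SHA256, one block, 128-bit output)
    with the pre-authentication hash as the context."""
    fixed = b"SMBSigningKey\x00" + b"\x00" + preauth + struct.pack(">I", 128)
    block = hmac.new(session_key, struct.pack(">I", 1) + fixed, hashlib.sha256)
    return block.digest()[:16]

def keys_match(client_saw, server_saw, session_key):
    """True when both ends derive the same signing key from their transcripts."""
    return hmac.compare_digest(
        signing_key(session_key, preauth_hash(client_saw)),
        signing_key(session_key, preauth_hash(server_saw)))

# Constructed placeholders standing in for the real wire messages.
SESSION_KEY = bytes(range(16))
NEG_REQ = b"NEGOTIATE dialects=0311 ciphers=AES-128-GCM,AES-128-CCM"
NEG_REQ_TAMPERED = b"NEGOTIATE dialects=0311 ciphers=AES-128-CCM"
NEG_RESP = b"NEGOTIATE-RESPONSE dialect=0311 cipher=AES-128-CCM"
SETUP_REQ = b"SESSION_SETUP user=alice"

# The client hashes what it sent; the server hashes what it received.
CLIENT_VIEW = [NEG_REQ, NEG_RESP, SETUP_REQ]
SERVER_VIEW = [NEG_REQ_TAMPERED, NEG_RESP, SETUP_REQ]

if __name__ == "__main__":
    print("untampered handshake:", keys_match(CLIENT_VIEW, CLIENT_VIEW, SESSION_KEY))
    print("tampered handshake:  ", keys_match(CLIENT_VIEW, SERVER_VIEW, SESSION_KEY))
```

With mismatched keys, the signature on the server's final session-setup response does not verify on the client, and the connection is dropped instead of continuing with the weakened settings.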

Can You Still Use Earlier Versions of SMB?

SMB is a backward-compatible protocol, which means that a connection between an old and a new version is possible. Microsoft, however, no longer installs SMB 1.0. The change was introduced with the Windows 10 Creators Update. Connecting to devices via SMB 1 will throw an error:

“You can’t connect to the file share because it’s not secure. This share requires the obsolete SMB1 protocol, which is unsafe and could expose your system to attack. Your system requires SMB2 or higher.”

However, you can still enable SMB 1 in Windows 10. The option is in the Windows Features list. Under SMB 1.0/CIFS File Sharing Support, check the SMB 1.0/CIFS Client and SMB 1.0/CIFS Server boxes.

Is SMB Secure?

One of the reasons Microsoft dropped SMB1 is security. A reported vulnerability named “EternalBlue” exploited SMB to spread malware to other devices on the network. The malware, dubbed “WannaCry”, was ransomware. Ransomware encrypts user files and demands that the user pay a ransom for the decryption key. Because encryption is a complex process, users have no option but to submit to the demand.

The vulnerability was revealed by a hacker group called Shadow Brokers. The release included several other such vulnerabilities that were allegedly stolen from the NSA. WannaCry, or WannaCrypt, is based on the vulnerabilities that Shadow Brokers made public. Microsoft eventually patched it, but it is estimated that many Windows devices today are still running SMB1.

It is another reminder that operating on legacy technologies exposes your privacy and security to a great many threats. Always update your device and operating system to the latest to ensure that known vulnerabilities have been patched.
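To find hosts that still speak SMB1, a defender can classify captured port 445 payloads by the protocol ID at the start of each message. The following is an added example, not code from the original article; the sample traffic and addresses are constructed, and the function names are illustrative.

```python
import struct

DIALECTS = {0x0202: "SMB 2.0.2", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
            0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1"}

def classify(payload: bytes) -> str:
    """Classify one TCP payload captured on port 445 by its SMB protocol ID."""
    # Direct-TCP framing: a zero byte, then a 3-byte big-endian message length.
    if len(payload) < 8 or payload[0] != 0:
        return "not SMB"
    length = int.from_bytes(payload[1:4], "big")
    msg = payload[4:4 + length]
    magic = msg[:4]
    if magic == b"\xffSMB":
        return "SMB1"
    if magic == b"\xfdSMB":
        return "SMB3 encrypted"
    if magic != b"\xfeSMB" or len(msg) < 64:
        return "not SMB"
    # SMB2 header is 64 bytes: Command at offset 12, Flags at offset 16.
    command, = struct.unpack_from("<H", msg, 12)
    flags, = struct.unpack_from("<I", msg, 16)
    # NEGOTIATE (0) response (flag bit 0): DialectRevision is 4 bytes into the body.
    if command == 0 and flags & 1 and len(msg) >= 70:
        dialect, = struct.unpack_from("<H", msg, 68)
        return "negotiated " + DIALECTS.get(dialect, hex(dialect))
    return "SMB2/3"

def smb1_talkers(flows):
    """Return the source addresses that sent at least one SMB1 message."""
    return sorted({src for src, payload in flows if classify(payload) == "SMB1"})

def frame(msg: bytes) -> bytes:
    """Prepend the 4-byte direct-TCP transport header."""
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

# Constructed sample traffic (addresses from the documentation range).
SMB1_NEGOTIATE = frame(b"\xffSMB\x72" + bytes(27))
SMB2_HEADER = b"\xfeSMB" + struct.pack("<HHIHHI", 64, 0, 0, 0, 1, 1) + bytes(44)
SMB311_RESPONSE = frame(SMB2_HEADER + struct.pack("<HHH", 65, 1, 0x0311) + bytes(59))
FLOWS = [("192.0.2.10", SMB1_NEGOTIATE), ("192.0.2.20", SMB311_RESPONSE)]

if __name__ == "__main__":
    for src, payload in FLOWS:
        print(src, classify(payload))
    print("still using SMB1:", smb1_talkers(FLOWS))
```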
