What is SMB Protocol?
SMB (Server Message Block) is a protocol developed by IBM for sharing files, printers, serial ports and other resources between networked computers. It works at the 6th and 7th layers of the OSI model. SMB can run over the network protocols of the TCP/IP stack, as well as several other network protocols. It is designed to perform file and printer sharing, user authorization, and messaging functions.
The Server Message Block (SMB) is a network protocol that enables users to communicate with remote computers and servers to use their resources or share, open, and edit files. It’s also referred to as the server/client protocol, as the server has a resource that it can share with the client.
What is an SMB port? Like any network file-sharing protocol, SMB needs network ports to communicate with other systems. Originally, it used port 139, which allowed computers to communicate on the same network. Since Windows 2000, SMB has used port 445 and the TCP network protocol to “talk” to other computers over the internet.
How does SMB work?
Server Message Block is a request-response protocol, meaning it transfers multiple messages between the client and server to accomplish the request.
The diagram below illustrates how it works. The client sends the server a request for what it needs and, in return, the server sends a response. The server makes file systems and other resources such as files, folders, printers and ports available to the client or user on the network.
Features of SMB
As new versions of SMB have been released, its performance has also improved. Below are some important features of SMB:
- SMB provides an authenticated inter-process communication mechanism to share files and other resources (files, folders, printers) on the server.
- SMB allows clients to edit, delete and share files, browse the network, use print services, etc., over the network.
- SMB version 2 decreased the usage of some commands and subcommands used to transfer files over the network.
- SMB2 supports symbolic links as an enhancement over SMB version 1.
SMB protocol dialects
Since SMB was first released in 1983, numerous changes have been made to the network standard, reflected in the various versions of the protocol. They begin with SMB 1.0 and end with the current version, SMB 3.1.1.
SMB 1.0 (CIFS): The first version of the network communication protocol is often equated with the Common Internet File System (CIFS). In this first variant, communication was still carried out via the NetBIOS interface, as well as via UDP ports 137 and 138, and also via TCP port 139.
SMB 2.0: The first major edition of Server Message Block was released by Microsoft in November 2006 with Windows Vista. Although the protocol – now known as SMB 2.0 – continued to be proprietary, the software company also released a specification for the first time that allows other systems to interact with Windows operating systems.
SMB 2.1: Version 2.1 of the SMB protocol is closely related to Windows 7. In addition to some minor performance optimizations, it provided new locking mechanisms to regulate access control more efficiently.
SMB 3.0: In 2012 with the new version of the Microsoft OS came a new version of Server Message Block. It was originally called SMB 2.2 but was later changed to SMB 3.0. This version of the protocol also aims to increase the performance and security of SMB connections.
SMB 3.1.1: SMB 3.1.1 has expanded a series of pre-authentication protocols based on SHA-256 hash values. In addition, the system uses AES-128 encryption in Galois counter mode (GCM).
Is the SMB protocol safe?
In 2017, the WannaCry and Petya ransomware attacks exploited a vulnerability in SMB 1.0 that made it possible to load malware on vulnerable clients and then propagate the malware across networks. Microsoft subsequently released a patch, but experts have advised users and administrators to disable SMB 1.0/CIFS on all systems.
SMB 3.0 and later are far more secure than previous dialects, having introduced some protections. For example, SMB 3.0 added end-to-end data encryption, which protects data from eavesdropping. SMB 3.0 also offered secure dialect negotiation, which helps protect against man-in-the-middle (MitM) attacks.
SMB 3.1.1 improved security even further by updating the encryption capabilities, and adding pre-authentication integrity. It also included a mechanism for negotiating the crypto-algorithm on a per-connection basis.
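To check which of the dialects listed above a server actually negotiates, and to spot SMB 1.0 traffic that should no longer be on the network, the following added example (not part of the original article) classifies TCP port 445 payloads by message signature and by the SMB2 NEGOTIATE response. Field offsets follow the published MS-SMB2 layout; the function names and sample frames are constructed for illustration, and the signing flag is a field the article itself does not discuss.

```python
import struct

# DialectRevision values carried in an SMB2 NEGOTIATE response (MS-SMB2).
DIALECTS = {0x0202: "SMB 2.0", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
            0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1"}
SIGNING_REQUIRED = 0x0002     # SecurityMode bit in the NEGOTIATE response
SERVER_TO_REDIR = 0x00000001  # header flag: message is a response


def classify_smb_frame(payload: bytes) -> dict:
    """Classify one TCP/445 payload (4-byte direct-TCP prefix + SMB message)."""
    if len(payload) < 8 or payload[0] != 0:
        return {"protocol": "not-smb"}
    msg = payload[4:4 + int.from_bytes(payload[1:4], "big")]
    if msg[:4] == b"\xffSMB":  # SMB 1.0/CIFS signature: the dialect to disable
        return {"protocol": "SMB 1.0 (CIFS)", "legacy": True}
    if msg[:4] != b"\xfeSMB":
        return {"protocol": "not-smb"}
    generic = {"protocol": "SMB 2/3 (dialect not visible)", "legacy": False}
    if len(msg) < 64 + 6:      # 64-byte header + start of the NEGOTIATE body
        return generic
    command, _credits, flags = struct.unpack_from("<HHI", msg, 12)
    if command != 0 or not flags & SERVER_TO_REDIR:
        return generic         # only the NEGOTIATE response names the dialect
    security_mode, dialect = struct.unpack_from("<HH", msg, 64 + 2)
    return {"protocol": DIALECTS.get(dialect, f"unknown 0x{dialect:04x}"),
            "legacy": False, "signing_required": bool(security_mode & SIGNING_REQUIRED)}


def _frame(msg: bytes) -> bytes:
    """Prepend the direct-TCP header: a zero byte and a 3-byte length."""
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


def _negotiate_response(dialect: int, security_mode: int) -> bytes:
    """Build a constructed (not captured) SMB2 NEGOTIATE response."""
    header = struct.pack("<4sHHIHHIIQIIQ16s", b"\xfeSMB", 64, 0, 0, 0, 1,
                         SERVER_TO_REDIR, 0, 0, 0, 0, 0, bytes(16))
    body = struct.pack("<HHH", 65, security_mode, dialect) + bytes(59)
    return _frame(header + body)


# Constructed sample frames, not real captures.
SMB1_FRAME = _frame(b"\xffSMB\x72" + bytes(27))
SMB311_FRAME = _negotiate_response(0x0311, 0x0003)
SMB21_FRAME = _negotiate_response(0x0210, 0x0001)

if __name__ == "__main__":
    for sample in (SMB1_FRAME, SMB311_FRAME, SMB21_FRAME):
        print(classify_smb_frame(sample))
```

Any frame reported with `legacy` set to true means an SMB 1.0 client or server is still active on that segment.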