If you follow the tech news, you might have heard about cyberattacks across the globe that exploit SMB vulnerabilities. You may not have heard about SMB or Server Message Block protocol before, but if you are a Windows user, you are already using it. So, if that makes you concerned about your Windows system's security and you want to know "what is SMB" and how secure it is, continue to read the article.
SMB or Server Message Block Protocol is a communication protocol that uses a client-server model to share access to files, resources, and communications between systems attached to a network. It allows the connected systems to remotely open, edit, share or print files across the network. The SMB protocol was created so that the users in the local area network can share and modify files between them easily and securely. It was designed to replace the file-sharing protocols of earlier versions of Windows, such as CIFS and NFS.
Server Message Block protocol follows the client-server architecture to communicate in a network. The server holds the files or resources and shares them, upon request, with the other computers in the network, which are called clients. SMB protocol is also known as a response-request protocol because the client initiates the connection by sending an SMB request. The server sends back the SMB response, and a two-way communication channel is opened to share the resources or files after confirmation.
It works primarily at the application layer of the network, directly over TCP/IP protocol or other network protocols. There are 4 main components involved in how SMB works: SMB Server, SMB Client, SMB Share, and SMB Port. The system where resources are located is called the SMB Server, and the requesting system is called the SMB Client. The resource to be shared is called the SMB Share, and the port it works on is the SMB Port.
The SMB protocol was first developed in 1983 by IBM and later used by Microsoft in Windows. It has undergone many developments and changes to meet the new challenges. The different versions of the SMB protocol are called "Dialects". Below is the summarized introduction to different dialects:
SMB 1.0 is the original version of SMB introduced by IBM in 1984 for DOS systems. SMB 1.0 included the Oplock feature and worked on top of NetBIOS and TCP/IP interface, but it had issues like no encryption, extreme chattiness, and high insecurity.
With the release of Windows Vista in 2006, SMB 2.0 was introduced. It was a significant improvement compared to the SMB 1.0 version. The added features included fewer instructions and commands to reduce chattiness, support for WAN acceleration, and pre-authentication integrity. Unlike SMB 1.0, which uses a 16-bit data size, it uses 32-bit or 64-bit data size.
SMB 2.1 was introduced in 2010 alongside Windows 7 and Windows Server 2008 R2. It had minor improvements over the SMB 2.0 version with regard to Oplock to enhance caching and performance. The Maximum Transmission Support or MTU and improved energy efficiency mode were also added to SMB in this version.
In 2012, SMB 3.0 was released along with Windows 8 and Windows Server 2012. It was the next major update in SMB protocol, introducing end-to-end encryption and many other features like SMB Direct, SMB Multichannel, Remote Volume Shadow Copy Service Support, etc. This resulted in remarkable improvements in SMB protocol's performance, security, management, availability, and backup.
SMB 3.02 was introduced in 2014 along with Windows 8.1 and Windows Server 2012 R2 to combat the vulnerabilities of the SMB 1.0 version. It allowed users to completely disable SMB 1.0 on their systems to make them more secure and enhance the speed of SMB.
The last major dialect of SMB is SMB 3.1.1, released in 2015 with Windows 10 and Windows Server 2016. It added features like advanced encryption using AES-128, directory caching, increased security against MITM attacks, cluster dialect fencing, etc. The latest Windows 11 also uses the SMB 3.1.1 dialect with improved features.
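The dialects listed above can be told apart on the wire, which is how a defender confirms that no SMB 1.0 traffic remains on a network. The following Python code is an added example, not part of the original article: it classifies one captured SMB message by its protocol ID and, for an SMB2 NEGOTIATE response, reads the negotiated dialect and signing requirement. The function names and the sample frames are constructed for illustration; field offsets follow the published SMB2 header layout.

```python
import struct

# DialectRevision codes carried in an SMB2 NEGOTIATE response.
DIALECTS = {0x0202: "SMB 2.0", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
            0x0302: "SMB 3.02", 0x0311: "SMB 3.1.1"}

def classify_smb(frame: bytes) -> dict:
    """Classify one SMB message captured on TCP port 445.

    The frame is a zero byte, a 3-byte big-endian length, then the message.
    """
    if len(frame) < 8 or frame[0] != 0:
        raise ValueError("not a direct-TCP SMB frame")
    msg = frame[4:4 + int.from_bytes(frame[1:4], "big")]
    magic = msg[:4]
    if magic == b"\xffSMB":          # SMB 1.0 / CIFS header
        return {"family": "SMB1", "legacy": True}
    if magic == b"\xfdSMB":          # SMB 3.x transform header: encrypted payload
        return {"family": "SMB3", "legacy": False, "encrypted": True}
    if magic != b"\xfeSMB" or len(msg) < 64:
        raise ValueError("unknown or truncated SMB message")
    result = {"family": "SMB2/3", "legacy": False}
    status, command = struct.unpack_from("<IH", msg, 8)
    flags, = struct.unpack_from("<I", msg, 16)
    # Command 0 is NEGOTIATE; flag bit 0 marks a server-to-client response.
    if command == 0 and flags & 1 and status == 0 and len(msg) >= 70:
        sec_mode, dialect = struct.unpack_from("<HH", msg, 66)
        result["dialect"] = DIALECTS.get(dialect, hex(dialect))
        result["signing_required"] = bool(sec_mode & 0x0002)
    return result

def build_frame(msg: bytes) -> bytes:
    """Prefix a message with the 4-byte direct-TCP length header."""
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

def build_negotiate_response(dialect: int, sec_mode: int) -> bytes:
    """Constructed sample: 64-byte SMB2 header plus the first 6 body bytes."""
    header = struct.pack("<4sHHIHHIIQQQ16s", b"\xfeSMB", 64, 0, 0, 0, 1, 1,
                         0, 0, 0, 0, bytes(16))
    return header + struct.pack("<HHH", 65, sec_mode, dialect)

if __name__ == "__main__":
    print(classify_smb(build_frame(build_negotiate_response(0x0311, 0x0003))))
    print(classify_smb(build_frame(b"\xffSMB\x72" + bytes(27))))  # SMB1 header
```

Any frame reported with `legacy` set to true indicates a host still speaking SMB 1.0.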
CIFS, or Common Internet File System, is a version or dialect of SMB introduced by Microsoft in 1996 with Windows 95. It was an improved version of SMB 1.0, but after that, many improved and secured versions of SMB were released. The table below explains the significant differences between SMB and CIFS.
Features | SMB | CIFS |
---|---|---|
Network Performance | The SMB 2.0 and 3.0 versions greatly reduce chattiness and offer fast speed and enhanced performance. | CIFS is notorious for its chattiness, creating problems like slow network performance. |
Usability | In SMB 2.0, the required instructions and commands for SMB to work were reduced to 19, which significantly improved the overall performance. | CIFS requires hundreds of instructions and commands to perform a file transfer. It turned into a user nightmare as remembering so many commands was difficult. |
Authentication Check | SMB introduced pre-authentication checks from its SMB 2.0 version. It protects the file and doesn't allow anyone access unless a username and password are provided. | In CIFS, there are no pre-authentication checks. The files are open on the system during file transfer and can be accessed by any user. |
Encryption | The SMB 3.0 and higher supports end-to-end advanced encryption to secure your data during file transfer. The latest version of SMB supports AES-256 encryption. | There is no encryption available in CIFS. The data transferred using CIFS is vulnerable to malicious attacks. |
Security Risks | The SMB 2.0 and higher are secure and not vulnerable to any malware. The inclusion of advanced encryption in SMB protocol has made it highly secure. | The CIFS lacks security and is open to malware attacks. The malware attacks like NotPetya and WannaCry were executed by exploiting CIFS vulnerabilities. |
All the important details regarding what SMB is, how it works, its different versions, etc., have been discussed above. If you have more questions regarding SMB, you can look below, where we have answered the most asked FAQs regarding SMB from the internet.
Yes, the latest Windows 11 still uses SMB for file transfer in a network. It uses the latest dialect of Server Message Block, SMB 3.1.1, with improved features like AES-256 encryption, SMB Direct with encryption, etc.
Yes, the security in the latest versions of SMB is state-of-the-art and highly resistant to malware attacks. The older versions of SMB, like SMB 1.0 and CIFS, are vulnerable to cyberattacks and should be removed from your system.
The SMB protocol requires an open port to transfer files across the network. Port 445 is currently used by SMB protocol as it runs directly over TCP/IP protocol. Older versions used ports 137, 138, and 139.
SMB and FTP are file transfer protocols used to transfer files across the network. SMB has a simple interface and is easier to use compared to FTP. Alongside file transfer, SMB also allows sharing of resources like printers, which is impossible on FTP. SMB is the best protocol when transferring files and sharing resources in a LAN. FTP is a better choice when transferring files across the internet.
Security of your system is highly important as it usually contains your essential and sensitive data. Cyberattacks, especially ransomware, are getting more common with every passing day. It is necessary that you keep an eye on the software and processes running on your system to ensure they are not a security risk. If you are using older versions of SMB, disable or remove them immediately to secure your system.