What is the SMB Protocol
By Nick Anderson
Protocols define sets of rules that let computers work together smoothly. Each protocol differs from the others, but they all make communication between devices possible. One such protocol is the Server Message Block (SMB) protocol.
You may not have heard of it, but it’s quite popular. It’s more robust than File Transfer Protocol (FTP). In this blog, we’ll discuss SMB and help you understand why it continues to be used to this day despite being more than two decades old.
How SMB Works
SMB is a client-server protocol utilized to establish a network for remote access. It was developed by IBM in the 1980s, and since then, it has been most notably used by Microsoft in the Windows operating system. Microsoft has added its own improvements over the decades, and SMB is the native network protocol in Windows for remote access. SMB version 3.1.1 is the latest version and has been part of the Windows 10 operating system since 2015.
The original SMB protocol has since received several implementations under different names, such as Likewise. Microsoft’s implementation of SMB was known as CIFS.
It’s also a request-response protocol, which means it will always wait for an acknowledgment from the server during communication. As a Layer 7 protocol in the OSI Model, it is an Application Layer protocol that runs over TCP/IP (Transport Layer) on port 445. Ports can be thought of as gateways through which the assigned traffic can enter and exit.
Because SMB follows a request-response process, it works well with TCP/IP: TCP is a connection-oriented protocol that establishes a connection in a 3-way process. You can learn more about TCP, as well as its counterpart UDP, in our blog here.
SMB Allows Remote Access
SMB allows you to connect to a server from a remote location. The server could be hosting files or even give you access to devices such as printers. If you are working with your colleagues, then you can use SMB to establish a server as your central repository for sharing files. The entire idea of SMB is to allow remote access, so being present in the office is not a requirement. You could be halfway across the world and still be able to access the server.
Earlier SMB Versions are Insecure
As with most legacy technologies, SMB has vulnerabilities that expose it to the risk of a hack. Microsoft has made a lot of improvements since SMB1, and version 3.1.1 includes AES 128-bit encryption for securing communication.
The 2017 WannaCry attack exploited a vulnerability in SMB to deliver ransomware. A ransomware attack encrypts the user’s files, then demands a ransom, usually in the form of cryptocurrency, to unlock them. The files could be your most personal or work-related files that you cannot afford to lose. The ransomware was also a worm that could spread to other computers on the network; this is where the SMB vulnerability comes in.
The attack was based on an SMB exploit known as EternalBlue. Although Microsoft followed up with a security patch, there were estimated to be thousands, if not millions, of computers that would still be vulnerable to the attack because they ran an unpatched version of Windows. There are still a lot of users who have not updated from Windows 7.
If you intend to use SMB, then you must update Windows to the most recent version. Although the vulnerability was found in SMB1, which predates Windows 10, Microsoft rolled out an update for that OS too. So that’s something you must do.
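To confirm which SMB version a server actually negotiates, you can inspect the first reply it sends on port 445. The Python code below is an added example, not part of the original article: the header offsets and dialect codes follow Microsoft's MS-SMB2 specification, the function names are hypothetical, and the sample packets are constructed for illustration rather than captured from a real server.

```python
import struct

# Dialect revision codes carried in an SMB2 NEGOTIATE response (MS-SMB2).
DIALECTS = {0x0202: "2.0.2", 0x0210: "2.1", 0x0300: "3.0",
            0x0302: "3.0.2", 0x0311: "3.1.1"}

def classify_negotiate_response(packet: bytes) -> dict:
    """Report which SMB family and dialect a server chose in its negotiate reply."""
    # Direct-TCP framing on port 445: a zero byte, then a 3-byte big-endian length.
    if len(packet) < 8 or packet[0] != 0:
        raise ValueError("not an SMB message over direct TCP")
    length = int.from_bytes(packet[1:4], "big")
    msg = packet[4:4 + length]
    if len(msg) != length:
        raise ValueError("truncated message")
    if msg[:4] == b"\xffSMB":  # SMB1 protocol id: the server answered in SMB1
        return {"family": "SMB1", "dialect": None, "signing_required": None}
    if msg[:4] != b"\xfeSMB" or len(msg) < 70:
        raise ValueError("not an SMB2 negotiate response")
    (command,) = struct.unpack_from("<H", msg, 12)
    if command != 0:  # command 0 is NEGOTIATE
        raise ValueError("SMB2 message is not a NEGOTIATE response")
    # The body follows the 64-byte header: StructureSize, SecurityMode, DialectRevision.
    _size, security_mode, dialect = struct.unpack_from("<HHH", msg, 64)
    return {"family": "SMB2/3",
            "dialect": DIALECTS.get(dialect, f"unknown (0x{dialect:04x})"),
            "signing_required": bool(security_mode & 0x02)}

def sample_smb2_reply(dialect: int, security_mode: int) -> bytes:
    """Constructed input, not a real capture: a minimal SMB2 negotiate reply."""
    header = struct.pack("<4sHHIHHIIQIIQ16s", b"\xfeSMB", 64, 0, 0, 0, 1, 1,
                         0, 0, 0, 0, 0, b"\0" * 16)
    body = struct.pack("<HHH", 65, security_mode, dialect).ljust(65, b"\0")
    msg = header + body
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

def sample_smb1_reply() -> bytes:
    """Constructed input: SMB1 protocol id, negotiate command, zeroed header rest."""
    msg = b"\xffSMB" + b"\x72" + b"\0" * 27
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

if __name__ == "__main__":
    for pkt in (sample_smb2_reply(0x0311, 0x03), sample_smb2_reply(0x0202, 0x01),
                sample_smb1_reply()):
        print(classify_negotiate_response(pkt))
```

A reply that comes back as SMB1 means the server is still speaking the version the EternalBlue exploit targeted, so that machine is the one to update first.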
As later SMB versions included network encryption, it should give you an idea of how useful the feature is. FastestVPN is a VPN that encrypts your communication with military-grade AES 256-bit encryption.