What is SMB?

Summary: The Server Message Block (SMB) protocol is a network file sharing protocol that allows computers to communicate with each other and access shared files, printers and other resources on the network. SMB has been around for over 30 years and continues to be widely used in corporate networks and the internet.

The Server Message Block (SMB) protocol is a network file sharing protocol that allows computers to communicate with each other and access shared files, printers and other resources on the network. SMB has been around for over 30 years and continues to be widely used in corporate networks and the internet.

What is SMB and How Does it Work?

SMB works as a client-server protocol, where a client makes requests to a server. It facilitates file and printer sharing between computers and allows remote file access.

With SMB, a user can access files or applications stored on a remote server as if they were local. Users can open, read, create, modify and delete files on the remote server.

SMB was originally designed by IBM in the 1980s to turn the local file access of DOS into a networked file system. It allowed files on separate computers to be accessed as if they were on the user’s local hard disk, by using a common network protocol.

The first version of SMB ran on top of NetBIOS using TCP/IP ports 137, 138 and 139. Software locating each other via NetBIOS names used TCP port 139 for NetBIOS session services.

In 1990, Microsoft incorporated SMB into its LAN Manager product for networked server solutions. Over the next decades, Microsoft continued developing and enhancing SMB with new capabilities and performance improvements.

Brief History and Evolution of SMB

Here’s a quick overview of how SMB evolved over the past 30+ years:

• 1980s – SMB1.0 created by IBM to enable file sharing over a network
• 1992 – Samba released, an open source SMB server for UNIX systems
• 1996 – Microsoft released CIFS, Common Internet File System, a dialect of SMB with improvements
• 2000s – SMB2.0 introduced major performance enhancements
• 2012 – SMB3.0 brought availability, security and management capabilities
• 2016 – SMB3.1 added advanced encryption and pre-authentication integrity

Some key developments in SMB history:

SMB 1.0 The original SMB1 protocol was developed by IBM in the mid 80s to enable file sharing between computers on a LAN.

Samba In 1991, Andrew Tridgell developed an open source SMB server called Samba so that UNIX-like operating systems could interoperate with Windows and SMB networks. Samba implements CIFS as well.

CIFS In 1996, Microsoft attempted to rename SMB to Common Internet File System (CIFS) with Windows 95. CIFS added features for larger file sizes, symbolic links, direct TCP/IP transport and more.

SMB 2.0 Released with Windows Vista and Windows Server 2008, SMB 2.0 dramatically reduced protocol chatter and improved scalability.

SMB 3.0 Introduced with Windows 8 and Windows Server 2012, SMB 3.0 brought major enhancements like advanced encryption, better performance, failover clustering, and improved energy efficiency.

SMB 3.1
The latest dialect, SMB 3.1 added end-to-end encryption, pre-authentication integrity checks, and support for network fault tolerance.

Overall, SMB has evolved from a basic file sharing protocol to a robust, enterprise-grade protocoloptimized for performance, security and reliability. Microsoft continues to release new versions of SMB with improvements.

Key SMB Versions and Dialects

There are numerous versions and “dialects” of SMB that have been implemented over the years. Here are some of the major ones:

• SMB 1.0 – the original protocol designed by IBM in the 1980s
• Samba – open source SMB server, compatible with CIFS
• CIFS – SMB dialect introduced by Microsoft in 1996
• SMB 2.0 – major update by Microsoft in 2006 for Windows Vista
• SMB 2.1 – minor update in Windows 7
• SMB 3.0 – major performance and security improvements in Windows 8/Server 2012
• SMB 3.02 – small update in Windows 8.1
• SMB 3.1.1 – latest dialect with advanced encryption in Windows 10/Server 2016

Additionally, there have been various third-party implementations of SMB for operating systems like Linux, Unix, Mac OS, iOS and Android. The diverse ecosystem of SMB versions can make compatibility and interoperability challenging.

What are Ports 139 and 445?

For SMB communication between devices, the protocol requires certain TCP ports to be open. The main ports used by SMB are:

• Port 139 (TCP) – used for older SMB dialects utilizing NetBIOS such as SMB1
• Port 445 (TCP) – used for newer dialects (SMB2, SMB3, etc) running directly over TCP instead of NetBIOS

Port 139 Port 139 is used by versions of SMB that rely on NetBIOS for networking. NetBIOS provides services like name resolution and discovery for networked devices.

Port 139 connects SMB clients to a NetBIOS Session Service, which handles establishing sessions between devices for file sharing and communication. Older operating systems like Windows XP rely heavily on NetBIOS and Port 139 for device networking.

Port 445 Port 445 is used by newer implementations of SMB that can operate directly over TCP/IP, without the need for NetBIOS. Microsoft introduced this capability in later versions of SMB starting with Windows 2000, Windows XP and Windows Server 2003.

Using TCP port 445 directly is more efficient than going through NetBIOS on port 139 for every communication. Almost all modern versions of Windows use SMB over port 445 by default for file sharing.

Are Ports 139 and 445 Dangerous?

Ports 139 and 445 are not inherently dangerous or insecure. But due to flaws in older versions of SMB, attackers have been able to exploit these ports to infect victim machines.

Some key vulnerabilities associated with SMB ports:

• Weak authentication in SMB1 allows unauthorized access
• Known vulnerabilities in outdated SMB1 enables remote code execution
• Opening SMB ports to the public internet allows attacks
• Wormable vulnerabilities like EternalBlue has led to widespread ransomware attacks

The problem is not the ports themselves, but vulnerable SMB services listening on those ports. Exposing SMB directly to the internet allows attackers to easily find and target your systems.

The WannaCry ransomware outbreak in 2017 heavily exploited the EternalBlue SMB vulnerability to spread quickly across networks and infect over 200,000 systems globally.

How to Secure SMB Ports

Here are some tips to properly secure SMB ports from attack:

• Disable or block SMB1, enforce SMB v2 or higher
• Never expose SMB ports directly to the internet
• Install latest security patches for SMB flaws like EternalBlue
• Use firewall rules to restrict SMB traffic
• Enable SMB encryption & signing to prevent man-in-the-middle attacks
• Monitor SMB connections closely for signs of attack or compromise
• Use VPNs for secure remote connections instead of SMB over the internet
• Segment SMB traffic into separate network zones with VLANs
• Deploy endpoint and network-based intrusion detection systems to detect attacks

It’s important to follow cybersecurity best practices with SMB, even though risks have been reduced in modern versions. Vulnerabilities in deployed SMB services will continue to pose a threat if not properly secured and monitored.

SMB Summary

SMB is an important and widely used protocol for file sharing, printer sharing and system intercommunication on local networks and across the internet. Understanding its history, technical details and security implications allows us to better manage risks.

Modern SMB versions like SMB3 provide significant security enhancements, but legacy SMB1 installations can still be vulnerable. IT professionals should audit their environments for weak SMB configurations and proactively apply security controls according to best practices.

Though SMB has been targeted by high-profile cyberattacks like WannaCry, it remains an essential protocol for Windows networking and cross-platform interoperability. As long as proper precautions are taken, the risks of using SMB can be minimized.