What is the SMB protocol for resource sharing?
The SMB protocol is a little-known invention responsible for allowing computers to communicate over a network. In other words, it is a client-server protocol enabling entities online to share resources. Generally, SMB might be recognizable due to its infamous linkage to the all-sweeping WannaCry attack. Thus, the SMB protocol, although holding a stable position in the industry, has had its ups and downs. It is the technology behind seamless file sharing, network browsing, inter-process communication, and printing over a network. Thus, being aware of its influence and role in the digital world is a strong recommendation for each netizen.
What is SMB protocol?
The SMB (Server Message Block) protocol is a client-server communication protocol. In simpler terms, it dictates the rules on how systems should interact.
It has several versions, most of them improving either performance or security. However, its general usage relates to the intent of sharing resources. For instance, you might need to gain access to a printer at your office. The chances are, the SMB protocol will make it possible. It will help send the request to print and deliver the message of success/failure.
Why do we say that SMB protocol follows a client-server model? Well, it establishes an interaction between a client that wishes to communicate with the server. As a response, the server provides the resource client has requested. It could be a file or the previous printer example. Thus, it allows different devices to talk to each other over a network.
How does SMB protocol work?
Initially, the implementation of SMB protocol focused exclusively on Windows operating systems. However, it is possible to use it on various OSs. For instance, you can set the SMB protocol on macOS for file sharing. Furthermore, Samba allows Linux users to perform network actions allowed by SMB.
The SMB protocol acts as the bridge between a device and a remote server when it comes to its functionality. Thus the client can access, view, edit and otherwise manipulate the resources available on the remote server.
For the SMB protocol to successfully establish communications, it requires open ports. Originally, SMB ran over UDP, using port numbers 137 and 138, and TCP port number 137 and 139. The latest model indicates that the SMB protocol runs directly over TCP, port 445.
Different versions of the SMB protocol
- SMB/CIFS/SMB1. All these three terms relate to the original SMB protocol. Initially, IBM developed it for file sharing in DOS. Around 1990, Microsoft picked up the protocol, improved it, and added new features. In 1996, Microsoft also renamed its unique version CIFS. However, you can notice instances when SMB and CIFS terms became close synonyms.
- SMB 2.0. Microsoft introduced the second version with Windows Vista in 2006 and Server 2008. The upgrade focused on reducing the chattiness present in the SMB1. Thus, the second SMB protocol was much more capable of copying files at high speed. Additionally, it managed to encompass several actions into a single request. Thus, more data reached the intended recipient, and reduced the time necessary to complete the tasks. Finally, SMB 2.0 also continued the file transfer even if a brief network disconnect occurs.
- SMB 2.1. This SMB protocol version came out with Windows 7. For the most part, it resolved minor performance problems.
- SMB 3.0. The third version emerged in Windows 8. It, once again, boosted the previous performance and added new functionality. One of the most remarkable changes (among many) was the support for end-to-end encryption. Additionally, it included a new AES-based signing algorithm.
- SMB 3.0.2. This version targeted the vulnerable SMB1 version. Thus, users received the opportunity to disable it altogether.
- SMB 3.1.1. The final version (at least for now) became available in Windows 10. It is the most secure SMB protocol, featuring AES-128 GCM encryption which supplements the encryption added in the third version. Additionally, it performs pre-authentication integrity verification with SHA-512.
Security issues with the SMB protocol
Besides the gradual improvements, SMB has, unfortunately, been the cause of one of the most devastating ransomware attacks. The notorious WannaCry outbreak led to the injection of thousands of devices worldwide. The vulnerability, dubbed as EternalBlue, was the leading cause of this successful raid.
The EternalBlue exploit was a vulnerability in Microsoft’s implementation of the SMB protocol. It appeared due to the flawed way of handling specially crafted packets from remote attackers.
As a result, hackers had the opportunity to exploit the security gap and run arbitrary code on the target devices. Therefore, WannaCry gained worm-like capabilities, spreading across computers and over the network using the SMB protocol. In 2018, TechCrunch indicated that a million devices were still susceptible to similar attacks.
The use of the SMB protocol now
SMB is not a foolproof protocol. Thus, it is natural to expect certain pitfalls. In 2020, researchers became aware of a new wormable vulnerability. Dubbed as CVE-2020-0796, the flaw was present in the newest SMB protocol version. Luckily, minimal information about the potential security loophole leaked online. Differently from EternalBlue, no actual exploit code had been posted. Soon enough, Microsoft released a patch, fixing the flaw.
If you use the newest version of Windows, you need to enable the SMB protocol manually. If you fear that SMB could trigger WannaCry-look-alike attacks, it is best to keep it disabled. In the case of older devices, please ensure that the first version of the protocol is no longer in use. To the very least, guarantee that you install all the necessary patches in a timely manner. It might be the decision standing between you and a devastating attack.
Sadly, all data exchanges online are vulnerable, and it is impossible to predict the cause of the next crisis. Atlas VPN is one of the tools you can add to your arsenal. It performs the critical function of encrypting entire internet traffic. Everything you send over your connection gets encoded. As a result, it increases the security of each communication made and prevents external entities from spying on it.
Former chef and the head of Atlas VPN blog team. He's an experienced cybersecurity expert with a background of technical content writing.