Crack the Code: What is SMB Protocol and How to Fortify Your Security?
Whether at home or in the office, connecting all technical devices in the same local network to form an offline alternative to the Internet is usually only a formality.
Thanks to a connection within a LAN or WLAN, network participants can easily exchange files, manage servers or use typical network devices such as printers or routers. For communication between the different elements to work, however, clear rules must be defined, in the form of protocols.
One of the main and oldest network protocols is the SMB protocol, which we explain in more detail in this article.
What is SMB (Server Message Block) Protocol?
SMB (Server Message Block) is a server-client protocol regulating access to files, complete directories and other network resources such as printers, routers or shared interfaces in the network. The SMB protocol also allows the exchange of information between the different processes of a system (also called interprocess communication).
Developed in 1983 by the IBM computer group, this protocol has gone through different versions and implementations over the decades. SMB was first made available to a wider audience as part of the OS/2 LAN Manager network operating system and its successor LAN Server.
This protocol is mainly used in Windows operating systems, whose network services support SMB in a backward-compatible way. This allows devices with the latest versions to communicate seamlessly with devices running an older version of Microsoft’s operating system.
How does SMB work?
The Server Message Block protocol allows the client to communicate with other participants in the same network in order to access files and services shared for this purpose on the network. The other system must also implement the network protocol and must receive and process the client request using an SMB server application.
Before any data is exchanged, both sides need to establish a connection by sending each other the corresponding messages. In IP networks, SMB uses the Transmission Control Protocol (TCP) for this purpose, which provides for a three-step handshake between the client and the server before establishing a connection. The subsequent data transfer is also regulated according to the specifications of the TCP protocol.
SMB Protocol Versions
Successive variants of the SMB protocol improved on the capabilities, scalability, security, and efficiency of the initial implementation. Here is a brief overview of notable versions of the SMB protocol:
- SMB 1.0 (1984): Created by IBM for file sharing under DOS. Introduced Opportunistic Locking (OpLock) as a client-side caching mechanism designed to reduce network traffic. Microsoft would later include the SMB protocol in its LAN Manager product.
- CIFS (1996): SMB dialect developed by Microsoft that debuted in Windows 95. Added support for larger files, transport directly over TCP/IP, and symbolic and hard links.
- SMB 2.0 (2006): Released with Windows Vista and Windows Server 2008. Reduced thread count to improve performance, improved scalability and resiliency, and added support for WAN acceleration.
- SMB 2.1 (2010): Introduced with Windows Server 2008 R2 and Windows 7. The client oplock leasing model replaced OpLock to enhance caching and improve performance. Other updates included large maximum transmission unit (MTU) support and improved power efficiency, which allowed clients with open files from an SMB server to enter standby.
- SMB 3.0 (2012): Debuted in Windows 8 and Windows Server 2012. Added several important upgrades to improve availability, performance, backup, security, and manageability. Notable new features include SMB Multichannel, SMB Direct, transparent client access failover, remote VSS support, SMB encryption, and more.
- SMB 3.02 (2014): Introduced in Windows 8.1 and Windows Server 2012 R2. Included performance updates and the ability to completely disable CIFS/SMB 1.0 support, including removal of the associated binaries.
- SMB 3.1.1 (2015): Released with Windows 10 and Windows Server 2016. Added support for advanced encryption, pre-authentication integrity to prevent man-in-the-middle attacks, and cluster dialect fencing, among other updates.
When should SMB be implemented and used?
SMB is primarily used in client-server connections between computers and file servers. However, since other sections of the protocol are explicitly aimed at interprocess communication, the usage profile also includes a simple exchange of data between two devices or two processes.
Apart from the Server Message Block implementations in different editions of Windows, over time the protocol has also been integrated into many other software projects to make its communication features available to operating systems outside the Microsoft range. Some of the best-known SMB implementations include:
- The Samba software project is arguably the best-known example of an SMB implementation outside of Windows. With the development of this free software, the programmer Andrew Tridgell enabled communication via Server Message Block on Unix and Linux systems as early as 1991.
- Netsmb is a suite of SMB client and server implementations directly in the kernel of BSD operating systems. First released for the FreeBSD 4.4 operating system, these implementations are now available for a multitude of BSD systems, including NetBSD and macOS.
- YNQ is an SMB library that implements Server Message Block technology in non-Windows embedded systems and thus enables interoperability with Windows-based devices. Since 1998, YNQ has been developed by the Israeli software company Visuality Systems Ltd.
- The open source solution FreeNAS is the ideal solution for anyone wishing to operate a NAS server supporting the SMB protocol. The NAS software is based on FreeBSD and the OpenZFS file system.
- ConnectedNAS software developed by Connected Way is both a server and an SMB client for Android devices. Users of this paid application can easily exchange data between the mobile device and other SMB devices, whether in a private or professional setting. For security reasons, ConnectedNAS supports SMB from version 2.
What security aspects should be considered when using SMB?
Microsoft has always made sure that newer editions of its systems support older versions of Server Message Block, so that older and newer devices can communicate. This guarantee of compatibility, however, has always come with a significant security risk: compared to later versions of the protocol, SMB 1.0 has many security flaws that make a computer vulnerable, in particular to DoS attacks.
In networks in particular, the risk of an attack based on the SMB protocol is high: for compatibility reasons, all versions of SMB are often enabled there, typically because printers or other networked devices rely on them. Even if the old version of the protocol is no longer used at all, the work of hackers is made easier, since they can downgrade the communication to SMB 1.0 and attack the target system without encountering any significant obstacle. This is why, with Windows 10, Microsoft decided to no longer actively support the first version and to uninstall it automatically when it is not in use.
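To check which version a server actually agreed to, a defender can read the dialect out of the server's negotiate response in a packet capture. The following is an added example, not code from the article or from Microsoft: it maps the response to the versions listed above and flags an SMB 1.0 reply. The function names are hypothetical and the sample frames are constructed for illustration.

```python
import struct

# DialectRevision codes in an SMB2 NEGOTIATE response, mapped to the versions above.
SMB2_DIALECTS = {0x0202: "SMB 2.0", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
                 0x0302: "SMB 3.02", 0x0311: "SMB 3.1.1",
                 0x02FF: "SMB 2 wildcard (second negotiate follows)"}
SIGNING_REQUIRED = 0x0002  # SecurityMode bit: server requires signed messages


def classify_negotiate_response(frame: bytes) -> dict:
    """Classify one server negotiate response captured on TCP port 445."""
    # The frame starts with the 4-byte transport header: 0x00 + 24-bit length.
    if len(frame) < 8 or frame[0] != 0x00:
        raise ValueError("not an SMB session message")
    length = int.from_bytes(frame[1:4], "big")
    msg = frame[4:4 + length]
    if len(msg) < length:
        raise ValueError("truncated frame")
    if msg[:4] == b"\xffSMB":
        # Legacy header: the server agreed to SMB 1.0/CIFS.
        return {"version": "SMB 1.0/CIFS", "legacy": True, "signing_required": None}
    if msg[:4] != b"\xfeSMB" or len(msg) < 64 + 6:
        raise ValueError("not a complete SMB2 message")
    (command,) = struct.unpack_from("<H", msg, 12)
    if command != 0x0000:
        raise ValueError("not a NEGOTIATE message")
    # The body follows the 64-byte header: StructureSize, SecurityMode, DialectRevision.
    _size, security_mode, dialect = struct.unpack_from("<HHH", msg, 64)
    return {"version": SMB2_DIALECTS.get(dialect, f"unknown (0x{dialect:04x})"),
            "legacy": False,
            "signing_required": bool(security_mode & SIGNING_REQUIRED)}


def constructed_smb2_response(dialect: int, security_mode: int) -> bytes:
    """Build a minimal sample response (constructed here, not a real capture)."""
    header = b"\xfeSMB" + struct.pack("<H", 64) + bytes(58)  # command 0 = NEGOTIATE
    body = struct.pack("<HHH", 65, security_mode, dialect) + bytes(59)
    msg = header + body
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


# Constructed SMB 1.0 reply: 32-byte header with command 0x72 (negotiate).
CONSTRUCTED_SMB1_RESPONSE = b"\x00\x00\x00\x20" + b"\xffSMB\x72" + bytes(27)

if __name__ == "__main__":
    for sample in (constructed_smb2_response(0x0311, 0x0003), CONSTRUCTED_SMB1_RESPONSE):
        print(classify_negotiate_response(sample))
```

A reply classified as legacy, or one where signing is not required, is the configuration worth following up on for that server.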
Ways to stay secure when using SMB
- Download a VPN. Over a VPN connection, clients on the Internet can connect to the server to access the corporate network or the local network behind the server, along with its resources, while network security is maintained. This is very useful, since it creates a tunnel that allows telecommuters and business travelers to access their network using VPN client software without compromising security and privacy.
- Install updates as soon as possible. Never disregard software or app update notifications. Security patches are frequently included in these updates to protect you from malware or other vulnerabilities found by the developers.