SMB was at the centre of a massive cyberattack that affected hundreds of thousands of people when a dangerous vulnerability in it was exploited. You may not have heard of the SMB protocol, but it's an integral part of how the internet operates. Luckily, there IS a way to use the SMB protocol safely. But first — what is SMB?
Anna Rasmussen
Dec 22, 2021 · 5 min read
The Server Message Block (SMB) is a network protocol that enables users to communicate with remote computers and servers — to use their resources or share, open, and edit files. It’s also referred to as the server/client protocol, as the server has a resource that it can share with the client.
So what is an SMB port? Like any network file-sharing protocol, SMB needs network ports to communicate with other systems. Originally it used port 139, which allowed computers on the same local network to communicate with each other. Since Windows 2000, SMB has used port 445 and the TCP network protocol to “talk” to other computers across networks, including the internet.
So what is SMB and how is it used? The SMB protocol creates a connection between the server and the client by sending multiple request-response messages back and forth.
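To make the port and version discussion concrete, here is an added PowerShell audit (not code from the original article) that shows, on a Windows host, whether the SMB service is listening on ports 139 and 445, which protocol versions the server is configured to offer, whether the SMBv1 component is still installed, and which dialect each active connection actually negotiated. It assumes Windows 10 / Server 2016 or later with the built-in SmbShare and NetTCPIP modules, run from an elevated PowerShell session; on Windows Server the SMBv1 feature is queried with Get-WindowsFeature FS-SMB1 instead.

```powershell
# Added audit example (not from the original article).
# Assumes: Windows 10 / Server 2016 or later, elevated PowerShell.

# 1. Is anything listening on the classic NetBIOS port (139) or the direct-host port (445)?
#    OwningProcess 4 is the System process, which hosts the SMB server driver.
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in 139, 445 } |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 2. Which protocol versions does the server side offer, and are signing/encryption on?
Get-SmbServerConfiguration |
    Select-Object EnableSMB1Protocol, EnableSMB2Protocol, RequireSecuritySignature, EncryptData

# 3. Is the SMBv1 optional feature itself still installed?
#    (Windows 10 1709 and later omit it on clean installs; older upgrades may still carry it.)
Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol |
    Select-Object FeatureName, State

# 4. Which dialect did this machine negotiate for its outbound connections?
#    "1.x" in the Dialect column means SMBv1 is still in active use and needs attention.
Get-SmbConnection | Select-Object ServerName, ShareName, UserName, Dialect

# 5. Same question from the server side: which dialect are connected clients using?
Get-SmbSession | Select-Object ClientComputerName, ClientUserName, Dialect
```

Steps 4 and 5 are the ones worth running before disabling SMBv1: if a legacy printer or NAS shows up with a 1.x dialect, it will stop working once the old protocol is turned off, so it needs to be upgraded or replaced first.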
Imagine your team is working on a large project that involves a lot of back and forth. You might want to be able to share and edit files that are stored in one place. The SMB protocol will allow your team members to use these shared files as if they were on their own hard drives. Even if one of them is on a business trip on the other side of the world, they can still access and use the data.
Let’s say that the printer in your office is connected to the receptionists’ PC. If you want to print a document, your computer (the client) sends the receptionists’ computer (the server) a request to print it and uses the SMB protocol to do it. The server will then send back a response, stating that the file is queued, printed, or that the printer ran out of magenta and is unable to perform the task.
Like any other connection, the SMB protocol needs security measures to make communication safe. At the user level, SMB authentication requires a username and password to allow access to the server. It is controlled by the system administrator, who can add or block users and keep tabs on who is allowed in.
At share level, users have to enter a one-time password to access the shared file or server, but no identity authentication is required.
In 1996, Microsoft tried to rename SMB to CIFS (Common Internet File System). It was an updated version of the same protocol and had additional functions, but the name didn’t stick. As a result, many still think it’s the same thing. CIFS is now only one of many dialects (variants) of SMB.
Here are all the variants of the SMB protocol:
It’s important to know which version of the SMB protocol your devices use, especially if you own a business with many Windows machines networked together. It would be hard to find a PC running Windows 95 or XP (and therefore SMBv1) in a modern office, but SMBv1 may still be running on old servers. Why does that matter?
Is SMB secure and completely safe to use? For now, it seems so, but new vulnerabilities could appear any day. Users who want to lower their risk can go one step further and encrypt their SMB connections. Moreover, if you’re running a Windows computer or server that still uses SMBv1, you should install the security update immediately. Better yet, upgrade to a newer version of the protocol.
Unfortunately, more than a million Windows machines are still running the unpatched version of the SMBv1 protocol. Most are likely connected to a network, which makes other devices on the same network vulnerable, regardless of which SMB version they are using.
SMB has also experienced some vulnerabilities that resulted in high-profile hacking incidents. In 2017, the US National Security Agency (NSA) found a vulnerability in the SMBv1 protocol. It allowed an attacker to execute their code without the user noticing. If one device were to become infected, the hacker could gain access to the whole network and every device connected to it.
This exploit was called EternalBlue. A hacker group called the Shadow Brokers allegedly stole the information from the NSA and leaked it online in 2017. Microsoft released an update to patch the vulnerability. Unfortunately, only a month after that, the WannaCry ransomware attack broke out. The massive attack affected almost 200,000 Windows devices across 150 countries.
In 2020, two more SMB vulnerabilities were disclosed: SMBGhost and SMBleed. SMBGhost may have reached millions of unpatched devices, resulting in millions of dollars in losses. Combined, these vulnerabilities could give an attacker remote code execution, which lets them run any command on a target device over the network.
SMB also doesn’t support newer authentication protocols, which introduces additional security issues.
If you’re not using any applications that require SMB, it’s best to disable it altogether to protect your device from possible attacks. SMB is not enabled by default in Windows 10 releases from October 2017 onward, so you only need to take action if you use an older Windows version.
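The two hardening steps the article recommends, turning off SMBv1 and encrypting SMB connections, plus the "disable it altogether" case for a machine that shares nothing, look like this in PowerShell. This is an added example, not code from the original article or from Microsoft's documentation, and it assumes Windows 10 / Server 2016 or later run from an elevated session; the firewall rule name is a constructed label, and on Windows Server the SMBv1 feature is removed with Uninstall-WindowsFeature -Name FS-SMB1 instead of the optional-feature cmdlet.

```powershell
# Added hardening example (not from the original article).
# Assumes: Windows 10 / Server 2016 or later, elevated PowerShell.
# Removing the SMBv1 feature (step 2) requires a reboot to complete.

# 1. Stop offering SMBv1 from the server side. Takes effect immediately.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# 2. Remove the SMBv1 client and server components entirely so they cannot be
#    re-enabled by accident. The EternalBlue exploit targeted this code.
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart

# 3. Harden what remains (SMB 2/3): require signing on every session so traffic
#    cannot be tampered with, and encrypt share data in transit (SMB 3.x).
Set-SmbServerConfiguration -RequireSecuritySignature $true -EncryptData $true -Force

# 4. Do not fall back to cleartext for clients that cannot encrypt; refuse them instead.
Set-SmbServerConfiguration -RejectUnencryptedAccess $true -Force

# 5. If this machine hosts no shares at all, block inbound SMB at the host firewall
#    too, so port 445 is never reachable even if the service is later re-enabled.
#    (Outbound connections to file servers are unaffected.)
New-NetFirewallRule -DisplayName "Block inbound SMB (TCP 139/445)" `
    -Direction Inbound -Protocol TCP -LocalPort 139, 445 `
    -Action Block -Profile Any

# 6. Verify the resulting server configuration.
Get-SmbServerConfiguration |
    Select-Object EnableSMB1Protocol, RequireSecuritySignature, EncryptData, RejectUnencryptedAccess
```

Step 3 forces encryption for every share; if only some shares hold sensitive data, the same setting can be applied per share with Set-SmbShare -Name <share> -EncryptData $true, which leaves older SMB 2 clients able to reach the unencrypted shares.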
Remember to check which version of the SMB protocol you're using, and secure every device on your network with a VPN for stronger security. You can use NordVPN on PCs, smartphones, and routers for total network protection.