The SMB protocol is used by millions of internet users every day, but it isn’t without its flaws. In 2017, a massive ransomware infection, WannaCry, hit 200,000 computers worldwide by exploiting a vulnerability in SMBv1.
If not using it isn’t an option for you, fret not! The good news is that there’s a way to use the SMB protocol safely. However, before we dive into that, let’s first take a look at what SMB actually is, how it works, and its different variants:
What is SMB?
Server Message Block, or SMB as it’s often called, is a network protocol that lets users communicate with remote servers and computers, i.e., to use their resources like printers or open, edit, and share files. It’s also referred to as a client/server protocol.
As with other network file sharing protocols, SMB uses network ports for communication with other systems. Back in the day, it used port 139, which enabled computers to talk to each other on the same network. However, after the release of Windows 2000, SMB began to use port 445 and the Transmission Control Protocol (TCP) to communicate with other computers on the internet.
How Does the SMB Protocol Work?
SMB sends multiple request-response messages between the client and the server to create a connection. For example, if you’re going on a business trip to another country, you still might need to edit and share files stored in one place. The SMB protocol will enable you to access and use these shared files as if you were on the same network.
Similarly, let’s suppose that one printer is shared with multiple computers in your office, and you want to print a document. The client (your computer) sends the server (the computer connected to the printer) a request to print it using the SMB protocol. A response is then sent by the server stating the file is printed, queued, or that the printer ran out of paper or ink.
SMB Authentication Explained
Just like other connections, the SMB protocol relies on security measures to ensure communication is safe. These include:
- User-level authentication: Users are required to provide a username and password to access the server. The system administrator has the ability to block or add users and monitor who is allowed access.
- Share-level authentication: Users have to provide a one-time PIN or password to access the shared server or file. Since a username isn’t required, no user identity is stored during the process.
Different Dialects of the SMB Protocol
There are many different versions of SMB, including:
- SMBv1 (1984) – SMBv1 was released by IBM as a file-sharing protocol for DOS-based systems. Microsoft later included it in its LAN Manager product with modifications and improvements.
- CIFS (1996) – CIFS was introduced with Windows 95. It added support for larger file sizes and other additional features.
- SMBv2 (2006) – SMBv2 came with Windows Vista. It offered a notable increase in performance courtesy of reduced chattiness.
- SMBv2.1 (2010) – SMBv2.1 debuted in Windows 7 and Windows Server 2008 R2. It brought improved performance and support for large maximum transmission unit (MTU).
- SMBv3 (2012) – SMBv3 was released with Windows 8. It featured enhanced security with support for end-to-end encryption.
- SMBv3.02 (2014) – SMBv3.02 came with Windows 8.1. It included performance and security updates and the ability to disable SMBv1 completely.
- SMBv3.1.1 (2015) – SMBv3.1.1 debuted in Windows 10 and Windows Server 2016. It added more security updates such as session verification, AES-128 encryption, and protection against man-in-the-middle (MITM) attacks.
If you own a business and have multiple Windows computers connected to one another, it’s important to know which variant of SMB they’re using. While it’s difficult to find a Windows PC using the SMBv1 protocol in a modern-day workplace, you should still be concerned. We’ll explain why below.
SMB Vulnerability – WannaCry Ransomware Attack
The National Security Agency (NSA) developed an exploit called “EternalBlue” for a vulnerability in SMBv1. The exploit was stolen and leaked online by a hacker group known as the Shadow Brokers. Though Microsoft released an update to fix the serious vulnerability, the WannaCry ransomware broke out only a month after that.
The cyberattack affected hundreds of thousands of Windows devices in 150+ countries. It encrypted all the files on infected computers, leaving victims unable to access them unless they made a Bitcoin payment as ransom. WannaCry caused global economic losses of up to $5 billion, making it one of the worst ransomware attacks ever.
Should I Disable SMB?
Did you know that more than a million Windows computers are still using the unpatched version of SMBv1? What’s more, most of them are probably connected to a network, which makes other devices running on the same network vulnerable, regardless of their SMB version. If you have a Windows PC that still uses the SMBv1 protocol, you should either:
- Install the update
- Update to a newer SMB version
So, is SMB safe to use? Yes, it is, at least for now. However, new vulnerabilities can be discovered any day. You can lower the risk by encrypting your SMB connections (using a Virtual Private Network proves useful here).
If you aren’t using applications that need SMB, you’re better off disabling it to protect your computer from potential attacks. SMB isn’t enabled by default in newer Windows versions, but you’ll need to deactivate it if you use an older version of Windows.
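To make the steps in this section concrete, here is an added PowerShell example (not code from the original article) that audits whether SMBv1 is still present on a Windows host, shows which SMB dialect live connections and sessions are actually using, and then disables SMBv1 and turns on signing and encryption. It assumes an elevated prompt on Windows 8.1 / Windows Server 2012 R2 or later, where the built-in SmbShare and Dism modules and the SMB1Protocol optional feature exist.

```powershell
# Added example (not from the original article): audit and harden SMB on a
# Windows host. Run from an elevated PowerShell prompt.
# Assumes Windows 8.1 / Server 2012 R2 or later with the built-in
# SmbShare and Dism modules.

#Requires -RunAsAdministrator

# --- 1. Audit: is SMBv1 still enabled on this machine? ---
$serverCfg = Get-SmbServerConfiguration
"SMB1 enabled on server side  : $($serverCfg.EnableSMB1Protocol)"
"SMB2/3 enabled on server side: $($serverCfg.EnableSMB2Protocol)"
"Signing required             : $($serverCfg.RequireSecuritySignature)"
"Encryption required          : $($serverCfg.EncryptData)"

# The optional Windows feature is a separate switch from the server setting above.
$smb1Feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
"SMB1Protocol feature state   : $($smb1Feature.State)"

# --- 2. Audit: which dialect are live connections and sessions using? ---
# Outbound connections from this host (client side); a Dialect below 2.x is SMBv1.
Get-SmbConnection | Select-Object ServerName, ShareName, Dialect, UserName |
    Format-Table -AutoSize

# Inbound sessions to this host (server side).
Get-SmbSession | Select-Object ClientComputerName, ClientUserName, Dialect |
    Format-Table -AutoSize

# --- 3. Remediate: remove SMBv1 and require signing and encryption ---
if ($smb1Feature.State -eq 'Enabled') {
    # -NoRestart lets the admin pick the reboot time; removal completes on restart.
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# Signing protects against tampering with traffic in transit; EncryptData
# (SMBv3 and later) encrypts every share served by this host.
# Caveat: clients that only speak SMBv1 or SMBv2 can no longer connect once
# encryption is required, so check the session listing above first.
Set-SmbServerConfiguration -RequireSecuritySignature $true -EncryptData $true -Force
Set-SmbClientConfiguration -RequireSecuritySignature $true -Force

# Verify that the change took effect.
Get-SmbServerConfiguration |
    Select-Object EnableSMB1Protocol, RequireSecuritySignature, EncryptData
```

Run the audit part first on its own; the `Dialect` column tells you which devices on the network would break if SMBv1 were removed or encryption enforced, and those are the devices to update before running the remediation part.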
Prevention is Better than Cure!
Sure, constant updates are annoying, but not installing them as soon as they become available can make you a target. Never make the mistake of assuming that you’re safe from such vulnerabilities. Anybody can be a victim of cyberattacks! That’s why it’s best to take the necessary measures to protect your devices and data before something happens.
If you have any questions, feel free to use the comments section below, and we’ll get back to you as soon as we can!