The SMB protocol enables “inter-process communication,” which is the protocol that allows applications and services on networked computers to talk to each other. SMB enables the core set of network services such as file, print, and device sharing.
How Does The SMB Protocol Work?
In early versions of Windows, SMB ran on top of the NetBIOS network architecture. Microsoft changed SMB in Windows 2000 to operate on top of TCP and use a dedicated IP port. Current versions of Windows continue to use that same port.
Who is poking your ports?
Weird network traffic and suspicious port connections on your network are signs you might have been breached. Need help figuring things out? Ask Varonis.
Microsoft continues to make advancements to SMB for performance and security: SMB2 reduced the overall chattiness of the protocol, while SMB3 included performance enhancements for virtualized environments and support for strong end-to-end encryption.
SMB Protocol Dialects
Just like any language, computer programmers have created different SMB dialects use for different purposes. For example, Common Internet File System (CIFS) is a specific implementation of SMB that enables file sharing. Many people mistake CIFS as a different protocol than SMB, when in fact they use the same basic architecture.
Important SMB implementations include:
- CIFS: CIFS is a common file sharing protocol used by Windows servers and compatible NAS devices.
- Samba: Samba is an open-source implementation of Microsoft Active Directory that allows non-Windows machines to communicate with a Windows network.
- NQ: NQ is another portable file sharing SMB implementation developed by Visuality Systems.
- MoSMB: MoSMB is a proprietary SMB implementation by Ryussi Technologies.
- Tuxera SMB: Tuxera is also a proprietary SMB implementation that runs in either kernel or user-space.
- Likewise: Likewise is a multi-protocol, identity aware network file sharing protocol that was purchased by EMC in 2012.
What Are Ports 139 And 445?
SMB has always been a network file sharing protocol. As such, SMB requires network ports on a computer or server to enable communication to other systems. SMB uses either IP port 139 or 445.
- Port 139: SMB originally ran on top of NetBIOS using port 139. NetBIOS is an older transport layer that allows Windows computers to talk to each other on the same network.
- Port 445: Later versions of SMB (after Windows 2000) began to use port 445 on top of a TCP stack. Using TCP allows SMB to work over the internet.
How To Keep These Ports Secure
Leaving network ports open to enable applications to function is a security risk. So how do we manage to keep our networks secure and maintain application functionality and uptime? Here are some options to secure these two important and well-known ports.
- Enable a firewall or endpoint protection to protect these ports from attackers. Most solutions include a blacklist to prevent connections from known attackers IP addresses.
- Install a VPN to encrypt and protect network traffic.
- Implement VLANs to isolate internal network traffic.
- Use MAC address filtering to keep unknown systems from accessing the network. This tactic requires significant management to keep the list maintained.
In addition to the network specific protections above, you can implement a data centric security plan to protect your most important resource – the data that lives on your SMB file shares.
Understanding who has access to your sensitive data across your SMB shares is a monumental task. Varonis maps your data and access rights and discovers your sensitive data on your SMB shares. Monitoring your data is essential to detect attacks in progress and protect your data from breaches. Varonis can show you where data is at-risk on your SMB shares and monitor those shares for abnormal access and potential cyberattacks. Get a 1:1 demo to see how Varonis monitors CIFS on NetApp, EMC, Windows, and Samba shares to keep your data safe.
What you should do now
Below are three ways we can help you begin your journey to reducing data risk at your company:
- Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
- Download our free report and learn the risks associated with SaaS data exposure.
- Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.
Michael has worked as a sysadmin and software developer for Silicon Valley startups, the US Navy, and everything in between.