How does SMB work?
SMB is a network communication protocol used to give the user access to files that are located on a remote server. This provides the user with the possibility to edit, share, move, update, and create those files as well as access to the resources of the remote server.
This allows the SMB protocol to give the client access not only to the server’s files but also to other resources, such as printers. For example, you have a project management team, and many files need constant access by multiple people. With the SMB protocol, your team can access all the data on the remote server from their clients. They will be able to edit the data, move it to different folders, share it with other clients, and even print it, even though the client isn’t connected to a printer. This works as long as the remote server has a printer connected to it.
SMB authentication: what is it
The SMB protocol, like any other, needs particular security measures for safe communication. For users, this means a username and password are necessary to get access to the server. As a rule, this is controlled by the system administrator, who can add or block users and keep tabs on who is allowed in.
At the share level, users have to enter a one-time password to access the shared file or server, but no identity authentication is required.
Different Forms of the SMB Protocol
There are many different variants of the SMB protocol. Here are some examples:
- IBM first designed SMB1 in 1993 to turn the Disk Operating System (DOS) into a networked file system.
- CIFS, also known as Common Internet File System, was Microsoft’s attempt at renaming SMB Protocol. It was released in 1996 with Microsoft 95 and supported larger file sizes.
- SMB2 was introduced with Microsoft Vista in 2006, bringing the most critical changes and an increase in performance and speed, resulting in higher efficiency.
- SMB3 was established with Windows 8 and strengthened the protocol’s security, notably adding end-to-end encryption.
- SMB3.1.1 was launched with Windows 10 and improved the protocol’s security components.
WannaCry Ransomware Attack
The WannaCry ransomware attack was a worldwide cyberattack in 2017 that targeted computers running Microsoft’s Windows operating system. It spread through EternalBlue, an exploit for SMB1 that was found by the USA’s National Security Agency (NSA). The exploit was stolen and leaked by a group of hackers called the Shadow Brokers a year before the attack. Microsoft released a patch; however, the attack still affected over 200,000 computers using older versions. The attack encrypted the user’s data and demanded ransoms in Bitcoin. According to cyber-risk modeling firm Cyence, economic losses were projected to be $4 billion; however, some firms speculated that the amount was in the hundreds of millions.
CIFS vs. SMB
As mentioned before, CIFS is a version of the SMB protocol created by Microsoft. Even though they have different names, they share the same functionalities, starting from their earlier releases. CIFS is used mostly by larger firms, where clients need access to more significant amounts of data. To put it more simply, CIFS is a dialect of the SMB protocol. A dialect is a set of message packets that are used to transfer data.
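Because the dialects a client supports are listed in its NEGOTIATE request, a defender can see from that one message which clients are still willing to speak SMB1. The following is an added example, not code from the original article: the function names and sample messages are constructed for illustration, and it assumes the 4-byte transport header has already been stripped.

```python
import struct

SMB1_MAGIC, SMB2_MAGIC = b"\xffSMB", b"\xfeSMB"
SMB1_COM_NEGOTIATE, SMB2_NEGOTIATE = 0x72, 0x0000
SMB2_DIALECTS = {0x0202: "SMB 2.0.2", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
                 0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1"}

def offered_dialects(msg: bytes) -> list:
    """Dialect names listed in an SMB NEGOTIATE request (hypothetical helper)."""
    if msg[:4] == SMB1_MAGIC:
        # 32-byte header, WordCount = 0, ByteCount (2), then 0x02 + NUL-terminated names.
        if len(msg) < 35 or msg[4] != SMB1_COM_NEGOTIATE or msg[32] != 0:
            raise ValueError("not an SMB1 NEGOTIATE request")
        (byte_count,) = struct.unpack_from("<H", msg, 33)
        data = msg[35:35 + byte_count]
        if len(data) != byte_count:
            raise ValueError("truncated SMB1 dialect list")
        names = []
        while data:
            name, nul, rest = data[1:].partition(b"\x00")
            if data[0] != 0x02 or not nul:
                raise ValueError("malformed SMB1 dialect entry")
            names.append(name.decode("ascii", "replace"))
            data = rest
        return names
    if msg[:4] == SMB2_MAGIC:
        # 64-byte header (Command at offset 12), 36-byte fixed body with
        # DialectCount at body offset 2, then one 16-bit code per dialect.
        if len(msg) < 100 or struct.unpack_from("<H", msg, 12)[0] != SMB2_NEGOTIATE:
            raise ValueError("not an SMB2 NEGOTIATE request")
        (count,) = struct.unpack_from("<H", msg, 66)
        if len(msg) < 100 + 2 * count:
            raise ValueError("truncated SMB2 dialect list")
        codes = struct.unpack_from(f"<{count}H", msg, 100)
        return [SMB2_DIALECTS.get(c, f"unknown 0x{c:04x}") for c in codes]
    raise ValueError("not an SMB message")

def offers_smb1(msg: bytes) -> bool:
    """True when the request lists at least one SMB1-era dialect."""
    return msg[:4] == SMB1_MAGIC and any(
        not d.startswith("SMB 2") for d in offered_dialects(msg))

# Constructed sample requests (not captured traffic).
def _smb1_request(names):
    data = b"".join(b"\x02" + n.encode("ascii") + b"\x00" for n in names)
    return SMB1_MAGIC + bytes([SMB1_COM_NEGOTIATE]) + bytes(28) + struct.pack("<H", len(data)) + data

LEGACY = _smb1_request(["NT LM 0.12", "SMB 2.002", "SMB 2.???"])
MODERN = (SMB2_MAGIC + struct.pack("<H", 64) + bytes(6) + struct.pack("<H", SMB2_NEGOTIATE)
          + bytes(50) + struct.pack("<HH", 36, 2) + bytes(32) + struct.pack("<2H", 0x0302, 0x0311))
```

`offers_smb1(LEGACY)` is true because the request lists `NT LM 0.12` alongside the SMB2 upgrade strings, while `MODERN` offers only SMB 3.x dialects.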
Which one to use: CIFS or SMB?
To understand which one to use, here are some comparisons between CIFS and the SMB protocol:
- Nowadays, CIFS is used less than the SMB protocol. This is because SMB employs high-level security, including pre-authentication checks during file transfers between clients and servers. Additionally, different versions of SMB are supported by different types of Windows.
- Many different commands are applied to transfer files between servers and clients. This is a dealbreaker between CIFS and SMB since CIFS had over one hundred commands to transfer a file.
- By comparison, SMB has just about nineteen commands, making it far more effective than its counterpart.
- CIFS was deemed to have network complications, while SMB overcomes them by using a pipeline mechanism.
- And lastly, CIFS is a TCP/IP Protocol that operates on top of a server, compared to SMB, a program interface network protocol, which proves why SMB is more dominant and more widely used than CIFS.
SMB Authentication Protocol
Security is a highly important element, which is why the SMB protocol has two security checks. These checks take place at the user level and when sharing files. Sharing is when a client requests a file or folder on the server that clients need to access. The client is the user who needs access to files over the network. For these protocols to be secure, a user-level verification check specifies that the client is obtaining access to the server. During this check, the client inputs their credentials, and when this verification is completed, the user is permitted access to the request on the server.
A share-level authentication check is when access is administered by a password allocated to the files over the network. This type of authentication, however, doesn’t require a username to gain access to the file. On the other hand, it does require a password that is solely linked to the secure network. As a result, no user identification is stored on the servers when the client is accessing files.