SMB Most Important Features
SMB 3: What is SMB?
SMB, or Server Message Block, is one of the pillars of bulk data transfer across networks. In the age of data centers and virtualized servers, it is the protocol doing the heavy lifting: moving, copying and modifying terabytes of user data while keeping it secure and encrypted against attackers and ransomware attacks.
The protocol has evolved rapidly since its early days, and the latest Microsoft version, SMB 3.1.1, is aimed at speed, flexibility and strong security.
For virtualized data centers, the SMB 3.x family of dialects is the de facto standard for high performance, offering a rich set of functions that were not available earlier.
💡 For an extensive introduction to the SMB protocol and what IT decision-makers need to know, check out “What is SMB?” by David Dynamicnet.
How SMB works
Everyone knows how easy it is to map a network drive on one’s own device and then access files and folders as if they were stored locally. In the background, the SMB protocol is what makes this possible. SMB is a protocol in the same sense as the HTTP protocol we use to browse the web: a set of rules that defines how data access takes place.
When two devices want to share data over a network, they do so with the help of network redirectors. All connection and access requests are handled and completed by redirectors, and are sent as “data packets”.
SMB network details: What port does SMB use?
SMB data packets come in three types: session control packets, file access packets and general message packets. SMB works at Layer 7, the application layer, and uses TCP/IP on port 445 (note: prior to Windows 2000 the SMB port number was 139).
SMB Servers, SMB Clients, and SMB shares
There are 3 basic components required in SMB communication:
- SMB server – What is an SMB server? It is the machine that hosts the SMB shares.
- SMB client – What is an SMB client? It is the machine that accesses shares on an SMB server.
- SMB share (file share) – What is an SMB file share? It is a shared resource — most often a directory or group of directories — that SMB clients access on SMB servers.
The SMB versions: SMB1, SMB2, and SMB3
SMB1, also known as SMBv1, is the original implementation of SMB. It was created at IBM in the 1980s to enable network access to local DOS (Disk Operating System) file systems. SMB1 used 16-bit packet fields and small — by today’s standards — data buffers, which limited performance.
SMB1 is often associated with CIFS (Common Internet File System), a popular Microsoft SMB dialect from 1996 that brought SMB to many networks.
💡 Pro-tip: SMBv1 has no encryption at all, which is why it is so insecure, and it should not be used today. The protocol is highly susceptible to MITM (man-in-the-middle) attacks, and SMBv1 is the protocol exploited by ransomware such as WannaCry and NotPetya. Additionally, SMB1 is inefficient and creates a lot of network “chatter” compared to newer SMB versions.
SMB2, a.k.a. SMBv2 or SMB 2.0, was released by Microsoft in 2006 with Windows Vista. Microsoft’s SMB2 implementation improved performance and security compared to SMB1. For example, SMB2 increased packet fields to 32-bit — and 128-bit for file handles — a significant improvement over SMB1’s 16 bits. The number of subcommands was reduced from over 100 in SMB1 to fewer than 20 in SMB2, which cut the “chattiness” (network noise and bandwidth consumption) SMB1 was known for. SMB2 also added features such as caching and durable connections that further improve performance.
With Server 2008 R2 and Windows 7, Microsoft introduced SMB 2.1. The newer Windows SMB 2.1 implementation improved how opportunistic locking (oplocks) work and helped further improve performance.
The original name for SMB3 (a.k.a. SMBv3) was SMB 2.2. The initial release of SMB3 is now known as SMB 3.0; Server 2012 and Windows 8 were the first Microsoft operating systems to support it. SMBv3 adds further performance and security enhancements to the protocol; for example, SMB Multichannel and end-to-end encryption were introduced in SMB3.
SMB 3.1.1 — the latest version of Windows SMB — was released along with Server 2016 and Windows 10. SMB 3.1.1 includes security enhancements such as enforcing secure connections with newer (SMB2 and later) clients and stronger encryption protocols.
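A small parser, added here as an illustration and not part of the original article, that recognises SMB1 and SMB2 Negotiate requests as they appear on port 445 and flags clients that can only speak SMB1, the case the pro-tip above warns about. The layouts follow the public MS-CIFS and MS-SMB2 specifications; the sample requests and the function names are my own constructions.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB1_COM_NEGOTIATE = 0x72
SMB2_DIALECT_NAMES = {0x0202: "SMB 2.0.2", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
                      0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1"}

def strip_netbios_header(frame: bytes) -> bytes:
    """Port 445 carries SMB directly over TCP behind a 4-byte prefix: type 0, 3-byte length."""
    if len(frame) < 4 or frame[0] != 0:
        raise ValueError("not a direct-TCP SMB frame")
    return frame[4:4 + int.from_bytes(frame[1:4], "big")]

def parse_negotiate(msg: bytes) -> dict:
    """Return protocol family and offered dialects of a Negotiate request."""
    if msg.startswith(SMB1_MAGIC):
        if msg[4] != SMB1_COM_NEGOTIATE:          # Command byte follows the 4-byte magic
            raise ValueError("SMB1 packet is not a Negotiate request")
        word_count = msg[32]                      # 32-byte header, then WordCount
        start = 33 + 2 * word_count               # ByteCount sits after the parameter words
        byte_count = struct.unpack_from("<H", msg, start)[0]
        data = msg[start + 2:start + 2 + byte_count]
        # each dialect is a 0x02 buffer-format byte plus a NUL-terminated ASCII string
        dialects = [d[1:].decode("ascii") for d in data.split(b"\x00") if d.startswith(b"\x02")]
        return {"family": "SMB1", "dialects": dialects}
    if msg.startswith(SMB2_MAGIC):
        if struct.unpack_from("<H", msg, 12)[0] != 0:   # Command 0x0000 = SMB2 NEGOTIATE
            raise ValueError("SMB2 packet is not a Negotiate request")
        body = msg[64:]                           # fixed 64-byte SMB2 header
        count = struct.unpack_from("<H", body, 2)[0]
        codes = struct.unpack_from("<%dH" % count, body, 36)
        return {"family": "SMB2", "dialects": [SMB2_DIALECT_NAMES.get(c, hex(c)) for c in codes]}
    raise ValueError("unrecognised SMB magic")

def smb1_only(info: dict) -> bool:
    """True when the client can only speak SMB1 (no 'SMB 2.*' dialect offered)."""
    return info["family"] == "SMB1" and not any(d.startswith("SMB 2.") for d in info["dialects"])

def build_smb1_negotiate(dialects) -> bytes:
    """Constructed SMB1 Negotiate request (header fields other than Command left zero)."""
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    return SMB1_MAGIC + bytes([SMB1_COM_NEGOTIATE]) + bytes(27) + b"\x00" + struct.pack("<H", len(data)) + data

def build_smb2_negotiate(codes) -> bytes:
    """Constructed SMB2 Negotiate request offering the given dialect codes."""
    header = SMB2_MAGIC + struct.pack("<H", 64) + bytes(58)      # Command at offset 12 is 0
    body = struct.pack("<HHHHI", 36, len(codes), 1, 0, 0) + bytes(24) + struct.pack("<%dH" % len(codes), *codes)
    return header + body
```

An SMB2-capable client still sends an SMB1 Negotiate that lists “SMB 2.002” or “SMB 2.???”, so only a request with none of those dialects indicates a client stuck on SMB1.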
Key SMB features
With the basics of SMB out of the way, we can now take a technical deep-dive into the key SMB features.
- Authentication
- Secured Data Transfer
- Performance
- Durability and Reliability
1. Authentication
As with many other protocols, authentication is vital to SMB security. There are two aspects of SMB authentication:
- User-level authentication – Requires clients to provide a username and password. Once a client — such as a Windows 10 SMB client — successfully authenticates to gain access to a share on a server — such as a Server 2019 SMB file server — it gains access to all shares on that server that are not restricted by additional “share-level” security.
- Share-level authentication – Requires a share-specific password (no username) assigned to the share.
Both user-level and share-level SMB authentication encrypt passwords prior to transmission. In this section, we’ll take a closer look at the authentication features SMB relies on.
Authenticating the client or user identity is important before access to file shares is granted. NT LAN Manager (NTLM) is one of the two security protocols that offer authentication to hosts in a Windows network. For example, before an SMB connection is made, clients are authenticated by the domain in which the server is located.
NTLM uses a challenge/response method to authenticate users and devices. The method incorporates a three-way handshake and password hashing to prove the user’s identity; however, the cryptography behind it is weak and vulnerable to ‘pass-the-hash’ attacks.
The second version of NTLM (NTLMv2) is more secure, with stronger cryptography, and can prevent spoofing attacks. The protocol is still widely used because it is compatible with old systems.
The complete NTLM protocol suite is a single implementation comprising both NTLM versions along with the NTLMv2 Session protocol.
Kerberos, developed by MIT, is a network authentication protocol that works transparently with the Windows Active Directory, and was introduced in Windows 2000.
Windows Active Directory is used to manage the users, computers and services that are part of the network hierarchy. The server that runs Active Directory Domain Services becomes the domain controller, able to authenticate and authorize network users and enforce security policies.
Kerberos employs cryptography to allow clients and servers to prove their identity to each other. Stronger than NTLM, Kerberos authentication happens separately from SMB, using tickets supplied by a Kerberos Key Distribution Center (KDC). Clients and servers use these tickets to authenticate themselves during connections over insecure networks.
Kerberos also allows encrypting subsequent communication with secret-key cryptography after the identities of clients and servers are established.
From SMB 2.0.2 (Vista) onwards, the protocol ensures that users and clients are authenticated when they connect to servers. Security was further enhanced in SMB 3.0 (Windows 8) with a new algorithm for signing data packets.
Pre-authentication integrity
The main function of pre-authentication integrity is to prevent ‘man-in-the-middle’ attacks, in which an attacker inspects or eavesdrops on data packets and tampers with the connection and authentication properties. Using the SHA-512 hash, this feature verifies the messages used to negotiate the connection and set up the session.
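To make the pre-authentication integrity mechanism concrete, here is an added Python sketch (not from the article) of the hash chain that MS-SMB2 specifies: it starts from 64 zero bytes and folds each negotiate and session-setup message in as SHA-512(previous || message). The sample messages are constructed and abbreviated, and the function names are my own.

```python
import hashlib

# Assumed from MS-SMB2: the chain starts as 64 zero bytes and every Negotiate
# and Session Setup message, in wire order, is folded in as H = SHA-512(H || msg).
INITIAL_HASH = bytes(64)

def update_preauth_hash(current: bytes, message: bytes) -> bytes:
    """Fold one raw SMB2 message into the pre-authentication integrity hash."""
    return hashlib.sha512(current + message).digest()

def preauth_hash(messages) -> bytes:
    """Chain every message of the negotiate/session-setup exchange, in order."""
    h = INITIAL_HASH
    for msg in messages:
        h = update_preauth_hash(h, msg)
    return h

# Constructed, abbreviated stand-ins for a Negotiate request/response; real
# traffic would feed the complete SMB2 packets into the same chain.
NEGOTIATE_REQ = b"\xfeSMB" + bytes(60) + b"\x24\x00\x01\x00\x11\x03"   # constructed
NEGOTIATE_RSP = b"\xfeSMB" + bytes(60) + b"\x41\x00\x11\x03"           # constructed
DOWNGRADED_REQ = NEGOTIATE_REQ[:-2] + b"\x02\x02"   # dialect bytes rewritten in transit

def views_diverge(client_view, server_view) -> bool:
    """
    Each side hashes exactly what it sent and received. Because the final hash is
    mixed into session-key derivation, different chains yield different keys, so
    signature verification at session setup fails and the tampering is detected.
    """
    return preauth_hash(client_view) != preauth_hash(server_view)
```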
2. Secured Data Transfer
In addition to authentication, ensuring data integrity and encryption in transit are important parts of SMB security. In this section, we’ll look at the SMB features that enable secure data transfer.
3. Performance
SMB performance has improved significantly since SMB v1 and CIFS. In addition to reducing the “chattiness” of SMB v1, later SMB versions include many features that increase throughput and take advantage of modern high-speed network connections. In this section, we’ll look at the performance-enhancing features of SMB.
Maximum Transmission Unit
Microsoft has introduced new features to increase performance on large networks such as 10 Gigabit Ethernet. In SMB 2.1, better network throughput can be obtained with large, multi-credit operations, also referred to as a large Maximum Transmission Unit, or MTU. The MTU is the size of the largest data unit that can be sent across the protocol on a network. By increasing the MTU, the maximum data unit can be 1 MB, which allows faster file transfer and reduces the number of packets sent. Large MTU was introduced with Windows Server 2008 R2 and Windows 7. It improves performance for workloads such as querying a SQL Server database, copying virtual hard disks (Hyper-V), and backing up and restoring data.
SMB Multichannel
SMB Multichannel, introduced with SMB3, offers:
- Increased network performance outside Windows clustering
- Multiple data paths available
- Higher throughput and network fault tolerance
- Automatic configuration (dynamic addition of connections discovered automatically)
4. Durability and Reliability
Availability, scalability, and fault-tolerance are important aspects of file and resource sharing on modern networks. In this section, we’ll explore the key features that make SMB robust and reliable.
A continuously available file share requires:
- Windows Server 2012 with at least two nodes on a failover cluster
- Clearing of the Validate Configuration wizard by servers, storage and network
- File server role available on all nodes of a cluster
- Cluster file server set for file shares with continuously available property
Shadow copies of SMB file shares are provided by three new components:
- A new VSS provider (File Share Shadow Copy Provider)
- A new VSS requestor (File Share Shadow Copy Agent)
- A new RPC (remote procedure call) protocol (File Server Remote VSS Protocol)