Many IT departments need communication between various applications to work swiftly and without errors. For example, lost messages or a bottleneck of messages can lead to expensive problems in the financial industry. With the AMQP protocol, problems like these don't occur. How does the Advanced Message Queuing Protocol work?
Whether at home or in the office – connecting all technological devices within a shared local network (an offline alternative to the internet) is usually just a technicality thanks to computer networks. Network participants can easily exchange files via LAN or WLAN connection, manage servers or use typical network devices like printers or routers. However, for communication to work between individual components, clear conventions are required – provided in the form of protocols. One of the most important and oldest network protocols, for example, is the SMB protocol. We explore it in detail in this article.
What is SMB (Server Message Block)?
SMB (Server Message Block) is a client/server protocol that governs access to files and whole directories, as well as other network resources like printers, routers or interfaces open to the network. Information exchange between the different processes of a system (also known as inter-process communication) can be handled based on the SMB protocol.
Developed by the IT group IBM in 1983, various versions and implementations of the protocol have been released over the past decades. SMB first became available for the public as part of the OS/2 network operating system LAN Manager and its successor LAN Server. The main application of the protocol has since been the Windows operating system series because its network services are backwards-compatible with SMB. This allows devices with newer editions to easily communicate with devices that have an older Microsoft operating system installed. What’s more, the free software project Samba offers a solution that enables the use of Server Message Block in Linux and Unix distributions, thereby allowing cross-platform communication via SMB.
To implement the SMB protocol in Windows NT 4.0, Microsoft utilised the name Common Internet File System (CIFS) which was subsequently used as a synonym for the SMB protocol family. Today, CIFS is particularly common as a term for the first SMB version 1.0.
How does SMB work?
The Server Message Block protocol enables the client to communicate with other participants in the same network, allowing it to access files or services open to it in the network. For this to work, the other system also needs to have implemented the network protocol and receive and process the respective client request using an SMB server application. But both parties must first establish a connection, which is why they first exchange corresponding messages. In IP networks, SMB uses the Transmission Control Protocol (TCP) that provides for a three-way handshake between the client and server, before finally establishing a connection. Subsequent data transport is regulated by the provisions of the TCP protocol.
The TCP port 445 is reserved for establishing the connection and data transmission via TCP/SMB. Address resolution typically occurs via the Domain Name System (DNS), or via Link Local Multicast Name Resolution (LLMNR) in smaller networks.
The SMB protocol over the years: overview of the versions
As already mentioned, since SMB was first released in 1983, multiple adjustments have been made to the network standard, captured in the various protocol versions. These start with SMB 1.0 through to the current version SMB 3.1.1, which Microsoft introduced together with Windows 10. The following sections summarise the main steps in the development of the Server Message Block protocol.
SMB 1.0 (CIFS)
The first version of the network communication protocol is often equated with the Common Internet File System (CIFS) variation outlined earlier. However, the latter actually only refers to an aspect of the first protocol edition – specifically for the implementation of the protocol in devices with Windows NT 4.0. In this first variant, communication still occurred via the NetBIOS interface as well as the UDP ports 137 (name resolution) and 138 (package transmission), as well as TCP port 139 (connection setup and transport). Dependency on NetBIOS ceased with Windows 2000; the protocol officially designated as SMB 1.0 now allows direct connection via TCP (port 445).
The first big revision of Server Message Block was provided by Microsoft in November 2006 – together with the operating system Windows Vista. Even though the protocol – now known as SMB 2.0 – continued to be proprietary, the software company also released the specification for the first time, enabling other systems to communicate with the Windows operating systems. The most important changes in the second protocol version included the following:
- Reduction of commands and subcommands from more than 100 to 19
- Optimised performance thanks to the new queue function for SMB requests
- Support of symbolic links (connections to files or directories)
- Intermediary storage/caching of file properties
- Improved message signing (HMAC SHA-256 algorithm)
- Better scalability thanks to a greater maximum number of clients, shared objects, and simultaneously opened files
For compatibility reasons, the first protocol version was retained. Microsoft also stuck with this measure in the subsequent versions.
Version 2.1 of the SMB protocol is closely tied to Windows 7. The revised version of the second protocol edition was released with the operating system in 2007 and, in addition to a number of minor performance optimisations, it provided new locking mechanisms for regulating file access more effectively (reading, writing, deleting etc.).
Windows 8 was released in 2012 – and with the new edition of the Microsoft operating system, a new version of Server Message Block. This was initially referred to as SMB 2.2 but was later changed to the designation SMB 3.0, which still applies today. This protocol revision likewise aimed at improving the performance and security of SMB connections, particularly across virtualised data centres. The following new features were key to this improvement:
- Possibility of remote storage access thanks to SMB via RDMA (Remote Direct Memory Access)
- Multi-channel function enables the setup of multiple connections per SMB session
- Transparent failure protection
- End-to-end encryption
With SMB 3.0.2, the third protocol version was implemented without major changes in Windows 8.1.
SMB 3.1.1 (published in 2015 with Windows 10) expanded the protocol series with an integrity check prior to authentication, based on SHA-256 hash values. Moreover, the system utilises AES-128 encryption with Galois/Counter Mode (GCM). For all communication devices with SMB 2.0 or higher, SMB 3.1.1 makes a secure connection mandatory.
Table of SMB versions
|SMB version||Supported since||New features|
|CIFS||Windows NT 4.0||Communication via NetBIOS interface|
|SMB 1.0||Windows 2000||Direct connection via TCP|
|SMB 2.0||Windows Vista, Windows Server 2008, Samba 3.5||Various performance upgrades, improved message signing, caching function for file properties|
|SMB 2.1||Windows 7, Windows Server 2008 R2||Locking mechanisms|
|SMB 3.0||Windows 8, Windows Server 2012,Samba 4.0||Multi-channel connections, end-to-end encryption, remote storage access|
|SMB 3.0.2||Windows 8.1,Windows Server 2012 R2|
|SMB 3.1.1||Windows 10, Windows Server 2016, Samba 4.3||Integrity check, AES-128 encryption with Galois/Counter Mode (GCM)|
What security aspects are important to consider when using SMB?
For years, Microsoft considered it important in its systems that older versions of Server Message Block are also supported by newer editions to ensure smooth communication between older and newer devices. But safeguarding compatibility has since been linked with an increased security risk. That’s because SMB 1.0 has a number of vulnerabilities compared to the subsequent protocols, which make the computer susceptible to DoS attacks, for example.
Especially in networks, the risk of an attack based on the SMB protocol is high. All SMB versions are usually activated for compatibility reasons – for instance, since this is required by connected printers or other network devices. Even if the old protocol version is practically no longer used, it remains an easy target for attackers who can switch communication down to SMB 1.0 and attack the target system without major obstacles. That’s why with Windows 10, Microsoft decided to no longer actively support the first version and to automatically deactivate it when it’s not used.
Find out how to deactivate Server Message Block or certain versions of the SMB protocol in Windows 10 yourself (and reactivate it again, when necessary) in our extensive article on activating and deactivating SMB.
Where is Server Message Block used or implemented?
The most important application scenarios for SMB have already been presented in this article. The key point of the protocol is access to file systems, which is why the main benefits are found in client/server connections between computers and file servers. Since other sections of the protocol are clearly aimed at inter-process communication, however, simple data exchange between two devices or two processes belongs to its application profile.
Besides the implementations of Server Message Block in the various Windows editions, the protocol was integrated into numerous other software projects to enable communication beyond the Microsoft family. The best-known SMB implementations include the following:
- Samba: The software project Samba is probably the best-known example of an SMB implementation beyond Windows. Back in 1991, programmer Andrew Tridgell started developing the free software that enables communication in Unix/Linux systems via Server Message Block.
- Netsmb: Netsmb refers to implementations of the SMB client and server directly in the kernel of BSD operating systems. They were first released for OS FreeBSD 4.4, but are now available for a range of BSD systems – including NetBSD and macOS.
- YNQ: YNQ (formerly NQ) is an SMB library that implements the Server Message Block technology in embedded systems without Windows and thereby allows interoperability with Windows-based devices. YNQ has been developed by the Israeli software company Visuality Systems Ltd. since 1998.
- FreeNAS: Anyone who wishes to run their own NAS server that supports the SMB protocol, will find a suitable solution in the open-source FreeNAS. The NAS software is based on FreeBSD and the OpenZFS file system.
- ConnectedNAS: ConnectedNAS, software developed by Connected Way, serves as an SMB server and client for Android devices. Users of the paid app can easily exchange data between the mobile device and other SMB devices – whether privately or within a company. For security reasons, ConnectedNAS only supports SMB from version 2.