The SMB protocol enables “inter-process communication,” allowing applications and services on networked computers to talk to each other. SMB enables a core set of network services such as file and print.

How Does The SMB Protocol Work?

In early versions of Windows, SMB ran on top of the NetBIOS network architecture. Microsoft changed SMB in Windows 2000 to operate on top of TCP and use a dedicated IP port. Current versions of Windows continue to use that same port.

Microsoft continues to make advancements to SMB for performance and security: SMB2 reduced the overall chattiness of the protocol, while SMB3 included performance enhancements for virtualized environments and support for strong end-to-end encryption.

SMB Protocol Dialects

Just as spoken languages have dialects, computer programmers have created different SMB dialects for use in different purposes. For example, Common Internet File System (CIFS) is a specific implementation of SMB that enables file sharing. Many people mistake CIFS for a different protocol than SMB, when in fact they use the same basic architecture.

What Are Ports 139 And 445?

SMB has always been a network file sharing protocol. As such, SMB requires network ports on a computer or server to enable communication to other systems. SMB uses either IP port 139 or 445.

  • Port 139: SMB originally ran on top of NetBIOS using port 139. NetBIOS is an older transport layer that allows Windows computers to talk to each other on the same network.
  • Port 445: Later versions of SMB (after Windows 2000) began to use port 445 on top of a TCP stack. Using TCP allows SMB to work over the internet.

How To Keep These Ports Secure

Leaving network ports open to enable applications to function is a security risk. So how do we manage to keep our networks secure and maintain application functionality and uptime? Here are some options to secure these two important and well-known ports.

  1. Enable a firewall to protect these ports from attackers. Most solutions include a blacklist to prevent connections from known attackers' IP addresses.
  2. Implement VLANs to isolate internal network traffic.
  3. Use MAC address filtering to keep unknown systems from accessing the network. This method requires significant management to keep the list maintained.
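One way to confirm that the firewall is actually shielding ports 139 and 445 is to review its log for inbound SMB connections it allowed from outside your own address ranges. The script below is an added example, not part of the original article; it reads the Windows Defender Firewall log layout (pfirewall.log), and the sample lines, the trusted range and the function name are constructed assumptions.

```python
import ipaddress
from collections import Counter

SMB_PORTS = {139, 445}  # SMB over NetBIOS and SMB directly over TCP
# Assumption: replace with the address ranges your own network really uses.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample in the pfirewall.log layout (not real traffic).
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-05-01 09:14:02 ALLOW TCP 10.0.20.15 10.0.10.5 50112 445 0 - 0 0 0 - - - RECEIVE
2024-05-01 09:14:07 ALLOW TCP 203.0.113.77 10.0.10.5 41822 445 0 - 0 0 0 - - - RECEIVE
2024-05-01 09:14:09 DROP TCP 198.51.100.23 10.0.10.5 60211 139 0 - 0 0 0 - - - RECEIVE
2024-05-01 09:15:30 ALLOW TCP 10.0.10.5 10.0.30.8 50120 445 0 - 0 0 0 - - - SEND
2024-05-01 09:16:44 ALLOW TCP 203.0.113.77 10.0.10.5 41830 139 0 - 0 0 0 - - - RECEIVE
"""

def exposed_smb(log_text, trusted=TRUSTED_NETS):
    """Count allowed inbound TCP 139/445 connections per (source IP, port) from untrusted sources."""
    fields, hits = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the log's own header
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("action") != "ALLOW" or row.get("path") != "RECEIVE":
            continue  # dropped or outbound traffic is not an exposure
        if row.get("protocol") != "TCP":
            continue
        try:
            port = int(row["dst-port"])
            src = ipaddress.ip_address(row["src-ip"])
        except (KeyError, ValueError):
            continue  # malformed or truncated line
        if port in SMB_PORTS and not any(src in net for net in trusted):
            hits[(str(src), port)] += 1
    return hits

if __name__ == "__main__":
    for (src, port), count in sorted(exposed_smb(SAMPLE_LOG).items()):
        print(f"allowed inbound SMB from untrusted {src} to port {port}: {count}")
```

Any hit means a rule is letting SMB in from a source you did not intend; the dropped connection in the sample is not reported because the firewall already blocked it.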

In addition to the network-specific protections above, you can implement a data-centric security plan to protect your most important resource – the data that lives on your SMB file shares.
