SMB / CIFS and security enhancement methods
SMB protocol in Windows security:
In computer networks, SMB (also called CIFS) is a Layer 7 (Application Layer) protocol. It mainly provides access to shared files, printers, and serial ports, as well as various connections between devices on the network.
SMB is most often used by Microsoft operating systems. The Windows services that implement SMB are the Server Service for the server side and the Workstation Service for the client side.
Linux operating systems use a separate SMB implementation called Samba. In general, SMB is a request-response protocol: the client sends an SMB request to the server, and the server returns an SMB response to the client.
The Server Message Block protocol can run over the Session layer in different ways:
- 1) Directly on TCP port 445
- 2) Through the NetBIOS API, which can itself run over several Transport layer protocols
- 3) Over NetBIOS over TCP/IP, on UDP ports 137, 138 and TCP ports 137, 139
- 4) Over some legacy protocols such as NBF
SMB implementation methods:
- 1) Client-server method
- 2) Samba
Implementation problems:
- 1) NetBIOS problems
- 2) WAN implementation problems
Security in SMB:
- 1) SMB Signing
  - Make changes through Group Policy
  - Make changes through Registry
- 2) Close Administrative Shares and prevent Null Session Enumeration
- 3) Disable NetBIOS over TCP/IP
- 4) Use Firewall and close NetBIOS over TCP/IP ports
- 5) SMB Encryption
- 6) Dialect Negotiation
- 7) Disable SMB 1.0
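The checklist above as a read-only PowerShell audit (an added example, not code from the original page). It assumes Windows 8 / Server 2012 or later and an elevated session; the function names `New-Check` and `Get-SmbHardeningReport` are hypothetical, and each pass condition, including the 3.0 dialect threshold, is this example's reading of the corresponding checklist item.

```powershell
# Added example: reports current settings only; it changes nothing on the host.
function New-Check($Item, $Setting, $Value, [bool]$Pass) {
    [pscustomobject]@{ Item = $Item; Setting = $Setting; Value = $Value; Pass = $Pass }
}

function Get-SmbHardeningReport {
    $srv = Get-SmbServerConfiguration
    $cli = Get-SmbClientConfiguration
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

    # 1) Signing must be required (not merely enabled) on both server and client side.
    New-Check '1) SMB Signing' 'Server RequireSecuritySignature' $srv.RequireSecuritySignature ($srv.RequireSecuritySignature -eq $true)
    New-Check '1) SMB Signing' 'Client RequireSecuritySignature' $cli.RequireSecuritySignature ($cli.RequireSecuritySignature -eq $true)

    # 2) Automatic administrative shares (C$, ADMIN$) and anonymous enumeration.
    New-Check '2) Administrative shares' 'AutoShareServer' $srv.AutoShareServer ($srv.AutoShareServer -eq $false)
    New-Check '2) Administrative shares' 'AutoShareWorkstation' $srv.AutoShareWorkstation ($srv.AutoShareWorkstation -eq $false)
    New-Check '2) Null session enumeration' 'Lsa RestrictAnonymous' $lsa.RestrictAnonymous ($lsa.RestrictAnonymous -ge 1)

    # 3) TcpipNetbiosOptions: 0 = from DHCP, 1 = enabled, 2 = disabled.
    Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' | ForEach-Object {
        New-Check '3) NetBIOS over TCP/IP' "TcpipNetbiosOptions on $($_.Description)" $_.TcpipNetbiosOptions ($_.TcpipNetbiosOptions -eq 2)
    }

    # 4) A local listener on TCP 139 may still be firewalled; verify the firewall rules separately.
    $nbt = @(Get-NetTCPConnection -State Listen -LocalPort 139 -ErrorAction SilentlyContinue)
    New-Check '4) NetBIOS ports' 'TCP 139 listeners' $nbt.Count ($nbt.Count -eq 0)

    # 5) Server-wide encryption; individual shares can also set EncryptData (see Get-SmbShare).
    New-Check '5) SMB Encryption' 'Server EncryptData' $srv.EncryptData ($srv.EncryptData -eq $true)

    # 6) Dialect actually negotiated on current outbound connections (threshold is an assumption).
    Get-SmbConnection | ForEach-Object {
        New-Check '6) Dialect Negotiation' "Dialect to $($_.ServerName)" $_.Dialect ([version]$_.Dialect -ge [version]'3.0')
    }

    # 7) SMB 1.0 must be off on the server side.
    New-Check '7) Disable SMB 1.0' 'Server EnableSMB1Protocol' $srv.EnableSMB1Protocol ($srv.EnableSMB1Protocol -eq $false)
}

Get-SmbHardeningReport | Format-Table -AutoSize
```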