For at least one kind of secure communication, Server Message Block (SMB) is no longer suited to the task. Windows machines use SMB to pass files around a network. Printers, mail servers, and high-priority internal network segments use SMB to provide access to remote users. Although SMB is convenient for Windows and other networks, it is also convenient for attackers. Notably, SMB1 was used as an attack channel for both the WannaCry and NotPetya mass ransomware attacks in 2017.
SMBv1 is so insecure that most security experts now recommend that administrators disable it entirely via a group policy update. What made SMB 1 so insecure, though? If it was so insecure to begin with, why was it still on people's computers? And should you be worried about later versions of SMB as well?
What Makes SMB1 Obsolete?
The first version of SMB was created in the 1980s and implemented on Windows operating systems in 1992. Like many innovations from that era, that version of the protocol has stuck around, even though better versions of it are available. Just look at how many people are still using default HTTP, even though HTTPS is much more secure and has been around almost as long.
At the root of this problem is the fact that SMB 1 does not support encryption. That means that any attacker who steals a password and logs into an endpoint can capture SMB 1 traffic, view it in plaintext, and even modify the stream to send false commands.
At this point, the only reason to keep using SMB 1 is if you’re also using obsolete software in other parts of your network – namely Windows XP or Windows Server 2003, plus certain ancient multi-function printers. In fact, even Microsoft no longer wants users to use the first version of SMB – they publish an ongoing list of systems and hardware that still require SMB 1, specifically so that administrators can avoid them.
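As an added example (not from the original post and not Safe-T's code), here is the PowerShell an administrator would run on a Windows 10/11 host to find out who still speaks SMB1, switch on SMB1 access auditing before pulling the plug, disable the protocol, and then require the signing and encryption that SMB3 supports and SMB1 lacks. The cmdlets are the built-in SmbShare and DISM module cmdlets; the function names and the Windows-client assumption (servers remove the FS-SMB1 feature instead) are my own.

```powershell
# Added example: audit, disable and harden SMB on a Windows 10/11 host.
# Assumes an elevated session; on Windows Server use Remove-WindowsFeature FS-SMB1
# in place of Disable-WindowsOptionalFeature.
#Requires -RunAsAdministrator

function Get-SmbSecurityStatus {
    # Snapshot of SMB1 state plus any client session still negotiating a 1.x dialect.
    $cfg     = Get-SmbServerConfiguration
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    $legacy  = Get-SmbSession -ErrorAction SilentlyContinue |
               Where-Object { $_.Dialect -like '1.*' } |
               Select-Object ClientComputerName, ClientUserName, Dialect
    [pscustomobject]@{
        Smb1ServerEnabled  = $cfg.EnableSMB1Protocol
        Smb1FeatureState   = $feature.State
        Smb1AuditEnabled   = $cfg.AuditSmb1Access
        SigningRequired    = $cfg.RequireSecuritySignature
        EncryptionRequired = $cfg.EncryptData
        ActiveSmb1Sessions = @($legacy)
    }
}

function Enable-Smb1Audit {
    # Step 1: log every SMB1 client access (event ID 3000 in the
    # Microsoft-Windows-SMBServer/Audit log) so legacy printers and XP/2003
    # hosts can be identified and replaced before SMB1 is removed.
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
}

function Disable-Smb1 {
    # Step 2: turn SMB1 off in the server configuration and remove the feature.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}

function Set-Smb3Hardening {
    # Step 3: require signing (stops stream modification) and encryption (stops
    # plaintext capture). Encryption needs SMB 3.0+ clients; with the default
    # RejectUnencryptedAccess, SMB2.x clients will be refused, so check the
    # dialects reported by Get-SmbSecurityStatus first.
    Set-SmbServerConfiguration -RequireSecuritySignature $true -EncryptData $true -Force
    # Also flag encryption on every non-administrative share explicitly.
    Get-SmbShare | Where-Object { -not $_.Special } |
        ForEach-Object { Set-SmbShare -Name $_.Name -EncryptData $true -Force }
}

Get-SmbSecurityStatus   # run once before and once after the three steps above
```

Run Get-SmbSecurityStatus a second time after the changes and confirm Smb1ServerEnabled is False, Smb1FeatureState is Disabled, and ActiveSmb1Sessions is empty.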
Are SMB 2 and 3 Vulnerable as Well?
During the mass ransomware events WannaCry and NotPetya, experts also recommended that administrators disable both SMB2 and SMB3, as these systems were also potentially vulnerable. They could not recommend turning these protocols off entirely, however. While SMB 2 and SMB 3 have huge advantages over SMB 1, their main disadvantage is that if you turn them off, things will go downhill for you in a hurry.
Here’s a short list of what you lose if you try to disable SMB 2 and 3:
- Local caching
- Large file-sharing networks
- Symbolic links
- Bandwidth limitations
- 10 Gb Ethernet
- Multichannel fault-tolerance
- Plus decades worth of security and encryption improvements
Disabling SMB2 and 3 is just not something that you want to do, given the drawbacks.
What's unfortunate, however, is that you still might want to do that. Even though SMB3 is far more secure than SMB1, it is still not a totally secure protocol. There have been at least three exploitable vulnerabilities in SMB2 and 3 since 2017, and there are almost certainly zero-days that we don't yet know about. Is there a way to replace SMB without breaking your internal network?
While we're not denigrating the latest versions of SMB, it's always nice to have options. SmarTransfer is your option for a fully secure file access solution, designed to give your users native mapped-drive access over HTTPS rather than SMB or NetBIOS, letting administrators block ports 339 and 445 between the user segments and the file stores. On top of providing access over HTTPS, SmarTransfer allows encrypting storage and provides full access control on file actions. For more information on this new file transfer solution, contact Safe-T today.
*** This is a Security Bloggers Network syndicated blog from Safe-T Blog authored by Tom Skeen. Read the original post at: https://blog.safe-t.com/whats-the-problem-with-smb-1-should-you-worry-about-smb-2-and-3