SMB / CIFS and security enhancement methods

SMB / CIFS and security enhancement methods

SMB / CIFS and security enhancement methods

SMB protocol in Windows security :

In computer networks SMB or CIFS works as a Layer 7 protocol (Application Layer), it mostly works to provide access to shared files, printers, and serial ports, and various connections between devices within the network.

SMB is often used by Microsoft operating systems. Windows services include SMB, (Server Service) for the server section, and (Workstation Service) for the client section.

Linux operating systems use another SMB version called SAMBA. In general, SMB is a request-response protocol by which the client sends an SMB request to the server and the server returns a SMB-type response to the client in response.(SMB / CIFS)

The Server Message Block protocol can be used with the Session layer work in different ways :

  • 1) Directly on port 445 TCP
  • 2) Through the NetBIOS API, which can also work on several Transport layer protocols.
  • 3) On ports (UDP 137,138 and TCP 137,139 ) NetBIOS over TCP / IP
  • 4) On some old protocols like NBF

SMB implementation methods :

  • 1- Client-server method
  • 2) Samba

executive problems :

  • 1) NetBIOS problems
  • 2) WAN Executive Problems

Security in SMB :

  • 1) SMB Signing

Make changes through Group Policy

Make changes through Registry

  • 2) Close Administrative Shares and prevent Null Session Enumeration
  • 3) Disable NetBIOS over TCP / IP
  • 4) Use Firewall and close NetBIOS over TCP / IP ports
  • 5) SMB Encryption
  • 6) Dialect Negotiation
  • 7) Disable SMB 1.0

If you have any questions or problems, you can ask the Ask system to provide guidance.

 

Use of this Site is subject to express terms of use. By using this site, you signify that you agree to be bound by these