NAS Protocols
There are many NAS protocols, such as SMB, FTP, NFS, SFTP, CIFS and HTTP. Let's go over the important ones below.
Server Message Block (SMB)
Server Message Block (SMB) is a network file-sharing protocol used mainly by Windows machines. It was originally designed by Barry Feigenbaum at IBM in 1983 and later extended by Microsoft. SMB uses a client-server architecture: the client sends specific requests and the server responds to each one. One part of the protocol deals with access to file systems, so that clients can read and write files on a file server. SMB is sometimes called a request-response protocol because establishing a session takes several message exchanges between client and server. It operates at Layer 7 (the application layer) and runs over TCP/IP.
The latest version, SMB 3.1.1, shipped in 2015 with Windows 10 and then with Windows Server 2016. It added AES-128-GCM encryption and pre-authentication integrity (a SHA-512 hash over the negotiation messages) so that a man-in-the-middle cannot tamper with the negotiated dialect or capabilities.
Securing the SMB protocol
SMB traffic on older Windows Server versions is not encrypted by default, so the contents of a share can be read straight out of a packet capture with Microsoft Message Analyzer. SMB 3.0, introduced with Windows 8 and Windows Server 2012, added end-to-end encryption, but it has to be enabled per server or per share.
The best-known SMB attack is the WannaCry ransomware outbreak of May 2017. It spread using EternalBlue, an exploit for a flaw in SMBv1 (CVE-2017-0144) that Microsoft had already fixed in the MS17-010 update two months earlier, so it was not a zero-day; the systems that were hit were the unpatched ones.
A later and separate flaw, CVE-2020-0796 (nicknamed SMBGhost and rated critical), lies in the compression mechanism added to SMBv3.1.1 in Windows 10 version 1903. It lets an unauthenticated attacker crash or take over a Windows system. Examples of operating systems vulnerable to it (together with the matching Windows Server, version 1903 and 1909 Server Core installations) were:
- Windows 10 Version 1903 for 32-bit Systems
- Windows 10 Version 1903 for 64-bit Systems
- Windows 10 Version 1909 for 32-bit Systems
- Windows 10 Version 1909 for 64-bit Systems
To address this vulnerability, install the March 2020 security update. Until a host can be patched, the SMBv3 compression feature can be switched off (this disables compression, not SMB itself) with the following PowerShell command, run from an elevated session. It takes effect without a reboot, but it protects only the server side, so an unpatched SMB client is still exposed to a malicious server:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name DisableCompression -Type DWORD -Value 1 -Force
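The following script is an added example, not code from the original post: it applies the server-side hardening discussed in this section (turning off the SMBv1 dialect that EternalBlue attacked, the ADV200005 compression workaround for CVE-2020-0796, and SMB signing plus SMB3 encryption so shares cannot be read from a capture) and then verifies the result. The only assumptions are that it runs in an elevated PowerShell session on Windows 10 or Windows Server 2016 or later.

```powershell
# Added example, not part of the original post: audit and harden the SMB
# server settings this section discusses. Run from an elevated PowerShell
# session on Windows 10 / Windows Server 2016 or later.

$lanman = "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"

# 1. SMBv1 is the dialect EternalBlue (CVE-2017-0144) attacked. Stop the
#    server service from speaking it at all; removing the optional feature
#    as well needs a reboot to finish, hence -NoRestart.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
$smb1 = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($smb1 -and $smb1.State -eq "Enabled") {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}

# 2. Workaround for CVE-2020-0796 on a host that cannot be patched yet:
#    the DisableCompression DWORD from Microsoft's ADV200005 advisory.
#    It protects only the server side; an unpatched SMB *client* talking
#    to a malicious server is still exposed. No reboot is required.
Set-ItemProperty -Path $lanman -Name DisableCompression -Type DWORD -Value 1 -Force

# 3. Close the "readable with Message Analyzer" gap: require signing and
#    turn on SMB3 encryption server-wide. RejectUnencryptedAccess makes
#    pre-SMB3 clients fail instead of silently falling back to plaintext.
Set-SmbServerConfiguration -RequireSecuritySignature $true `
                           -EncryptData $true `
                           -RejectUnencryptedAccess $true -Force

# 4. Verify. The first two commands show the effective settings; the last
#    lists any client still connected with an SMB1 (1.x) dialect, which is
#    exactly what step 1 breaks.
Get-SmbServerConfiguration |
    Select-Object EnableSMB1Protocol, EnableSMB2Protocol,
                  RequireSecuritySignature, EncryptData, RejectUnencryptedAccess
Get-ItemProperty -Path $lanman -Name DisableCompression |
    Select-Object DisableCompression
Get-SmbSession -ErrorAction SilentlyContinue |
    Where-Object { $_.Dialect -like "1.*" } |
    Select-Object ClientComputerName, ClientUserName, Dialect
```

Run step 4 on its own first: any session it lists with a 1.x dialect (old printers, scanners, NAS firmware) will stop working once SMBv1 is off, and any client older than Windows 8 will be refused by RejectUnencryptedAccess. The registry workaround in step 2 is a stopgap; remove it or leave it, but apply the patch either way.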
SMB uses TCP port 445 (direct hosting) and, for the older NetBIOS-over-TCP/IP transport, TCP port 139. To protect these ports, use host and network firewalls backed by strong policies, and keep the firewall or endpoint protection enabled. A VPN can encrypt and protect SMB traffic that has to cross an untrusted network, and where the traffic should be isolated from other segments a VLAN configuration is also advisable.
If a Windows system does not need to act as an SMB server (or, where possible, as an SMB client), the following steps reduce the exposure of the SMB ports:
- Block all inbound TCP traffic to SMB port 445 (and 139) at the perimeter and on the host.
- Disable the inbound firewall rules File and Printer Sharing (SMB-In), Netlogon Service (NP-In), Remote Event Log Management (NP-In) and Remote Service Management (NP-In).
- Restrict access to trusted IP ranges and devices.
- Configure an outbound firewall rule that blocks SMB, with exceptions that use the "Allow the connection if it is secure" and "Allow the connection to use null encapsulation" settings, so that only IPsec-authenticated peers can be reached.
- Configure Windows Defender Firewall: enable it on every profile with a default inbound action of Block.
- Configure servers for isolation from the network: security group filters and WMI filters on the policy, and IPsec with key exchange, data protection and authentication settings.
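The script below is an added example, not code from the original post: it turns the firewall steps listed above into a Windows Defender Firewall configuration for a host that should not be reachable as an SMB server, and then checks what was created. It assumes an elevated PowerShell session; the management network 10.0.5.0/24 is an assumed value to be replaced with your own, and the outbound rule is a simplification of the post's "allow if secure" exception, which additionally needs IPsec connection security rules.

```powershell
# Added example, not part of the original post: Windows Defender Firewall
# rules for a host that must not be reachable as an SMB server. Run
# elevated. 10.0.5.0/24 is an assumed management range; substitute yours.

$trusted = "10.0.5.0/24"
$prefix  = "SMB hardening:"

# 1. Firewall on for every profile, default inbound Block, so anything
#    not matched by an explicit allow rule is dropped.
Set-NetFirewallProfile -All -Enabled True -DefaultInboundAction Block

# 2. Disable the built-in inbound rule groups the post names.
foreach ($group in "File and Printer Sharing", "Netlogon Service",
                   "Remote Event Log Management", "Remote Service Management") {
    Disable-NetFirewallRule -DisplayGroup $group -Direction Inbound -ErrorAction SilentlyContinue
}

# 3. Explicit block of inbound SMB on both ports. A Block rule beats any
#    plain Allow rule somebody later adds by re-enabling File and Printer
#    Sharing, which a Block-by-default alone would not.
New-NetFirewallRule -DisplayName "$prefix block inbound SMB" -Direction Inbound `
    -Protocol TCP -LocalPort 139, 445 -Action Block -Profile Any | Out-Null

# 4. Management exception: "Allow the connection if it is secure" from the
#    trusted range only. -Authentication Required means the rule matches
#    only IPsec-authenticated traffic, and -OverrideBlockRules lets it win
#    over rule 3 (authenticated bypass exists for inbound rules only).
#    Without a matching IPsec connection security rule it never matches
#    and the block stands, which is the safe failure mode.
New-NetFirewallRule -DisplayName "$prefix allow SMB from management (IPsec)" `
    -Direction Inbound -Protocol TCP -LocalPort 445 -RemoteAddress $trusted `
    -Action Allow -Authentication Required -OverrideBlockRules $true `
    -Profile Domain, Private | Out-Null

# 5. Outbound: stop this host initiating SMB towards untrusted networks.
#    Scoping to the Public profile is a simplification of the post's
#    "allow if secure" outbound exception, which also needs IPsec rules.
New-NetFirewallRule -DisplayName "$prefix block outbound SMB on public networks" `
    -Direction Outbound -Protocol TCP -RemotePort 445 -Action Block -Profile Public | Out-Null

# 6. Verify: the rules just created, and that port 445 is still listening.
#    The firewall filters the port; it does not stop the Server service,
#    so a local port scan of the host itself will still show it open.
Get-NetFirewallRule -DisplayName "$prefix*" |
    Select-Object DisplayName, Direction, Action, Enabled, Profile
Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, State
```

Test from a second machine with Test-NetConnection -ComputerName <host> -Port 445: from outside the trusted range, or from inside it without IPsec in place, TcpTestSucceeded should be False. If the host also never needs to serve files, the cleaner fix is to stop and disable the LanmanServer service as well, so that nothing listens on 445 in the first place.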
CIFS
CIFS (Common Internet File System) is the name Microsoft gave in 1996 to its dialect of SMB 1.0, so it is effectively an earlier version of SMB. It is a network file system protocol that provides shared access to files and printers, again in a client-server model. It is chatty and does not scale well, but it is reliable. It uses TCP ports 139 and 445, plus UDP ports 137 and 138 for the NetBIOS name and datagram services. An exchange looks like this:
- A client sends a request to a server.
- The server acknowledges and fulfils the request.
- Then the server sends a response back to the client.
Modern operating systems negotiate SMB 2 or 3 rather than CIFS, but the CIFS name lives on in NAS (Network Attached Storage) products, whose documentation often still labels the SMB share service "CIFS". A SAN (Storage Area Network) presents block storage rather than files, so CIFS is not itself a SAN protocol. Other features of CIFS include, but are not limited to, easy file access, resource access, flexible connectivity, safe caching and change notification.
We will discuss SAN protocols later in another post.
-DR