What SMB Does
SMB lets a client browse folders, open files, write changes, lock files, authenticate users, and access shared printers across a network. Modern SMB is much more capable and safer than the old SMBv1 era, but poor configuration can still create serious risk.
| Use | Example | Network Concern |
|---|---|---|
| Shared folders | Office file server | Permissions and backups |
| NAS storage | Home media or project storage | LAN speed and access control |
| Printer sharing | Shared office printer | Discovery and firewall rules |
| Remote access | Accessing files away from home | Use VPN, not exposed SMB |
SMB is most associated with Windows, but it is not Windows-only. macOS can connect to SMB shares, Linux servers can provide SMB through Samba, and NAS appliances commonly use SMB as their main file sharing protocol. In mixed homes and offices, SMB is often the easiest common language for shared folders.
SMB protocol history and versions
SMB1 / CIFS (Common Internet File System) was the original version, dating back to the late 1980s and used through Windows XP and Windows Server 2003. It is chatty, inefficient, and critically lacks modern authentication and encryption protections. SMB1 should be disabled on every network without exception.
SMB2 arrived with Windows Vista and Windows Server 2008. It reduced the number of round trips required for common operations from dozens to a handful, added request compounding (batching multiple commands into a single round trip), larger read/write sizes, and durable file handles that survive brief network interruptions. SMB2 made file server performance noticeably better over high-latency links.
SMB3 shipped with Windows 8 and Windows Server 2012 and added two major capabilities: end-to-end encryption (AES-128-CCM or AES-128-GCM) for data in transit on the LAN, and SMB Multichannel, which allows a single SMB session to use multiple network interfaces simultaneously for higher throughput and redundancy. SMB3.1.1, introduced with Windows 10 and Server 2016, added pre-authentication integrity checking to prevent man-in-the-middle attacks on the negotiation phase.
| Version | Introduced with | Key features | Status |
|---|---|---|---|
| SMB1 / CIFS | Windows XP era | Basic file sharing | Disabled — security risk |
| SMB2 | Windows Vista | Compounding, larger I/O, durable handles | Supported |
| SMB3 | Windows 8 | Encryption, Multichannel, scale-out | Current standard |
| SMB3.1.1 | Windows 10 | Pre-auth integrity, AES-128-GCM | Current standard |
Why SMB1 must be disabled — WannaCry
In May 2017, the WannaCry ransomware exploited EternalBlue, an NSA-developed exploit targeting a vulnerability in SMB1 (MS17-010). It spread autonomously across networks, encrypting files on hundreds of thousands of Windows machines in over 150 countries within days. The UK's National Health Service was severely disrupted. All affected systems had SMB1 enabled and had not applied the March 2017 security patch. Modern Windows versions disable SMB1 by default, but it can still be found enabled on older systems, NAS devices running legacy firmware, and networks that never audited the setting. Verify SMB1 is disabled on every device on your network.
SMB ports
Modern SMB uses TCP port 445 directly — the client connects to the server's IP address on port 445 without requiring NetBIOS. Legacy SMB over NetBIOS used TCP port 139 (NetBIOS Session Service) along with UDP ports 137 and 138 for name resolution and datagram services. Port 139 is still supported for backward compatibility but is not needed on any current Windows version. Port 445 should be blocked at your firewall's WAN interface under all circumstances.
macOS and SMB
macOS uses SMB3 by default when connecting to network shares in Finder. Apple dropped its own AFP (Apple Filing Protocol) as the primary LAN sharing protocol in favor of SMB for better cross-platform compatibility. When you click "Connect to Server" in Finder and enter smb://192.168.1.x/sharename, macOS negotiates the highest mutually supported SMB version with the server. Time Machine over a network share also uses SMB on current macOS versions when connecting to non-Apple NAS devices.
Linux and Samba
Linux does not include SMB natively but supports it via Samba, an open-source implementation of the SMB protocol. Samba runs as a server daemon (smbd) and can share Linux directories to Windows, macOS, and other SMB clients with full authentication and permission mapping. On the client side, Linux mounts SMB shares using mount.cifs or smbclient. Samba is the backbone of most NAS appliance software including those from Synology, QNAP, and TrueNAS.
Never expose SMB to the internet
TCP port 445 should never be reachable from the public internet. Beyond the WannaCry-class exploit risk, SMB is a complex stateful protocol with a large attack surface. Brute-force credential attacks against exposed SMB ports are constant and automated. If you need to access files remotely, use a VPN to connect to your home or office network first, then access SMB shares over the VPN tunnel as if you were local. Alternatives for remote file access include SFTP, HTTPS-based file portals (Nextcloud, Synology QuickConnect), or a zero-trust access solution with MFA.
SMB Multichannel for NAS throughput
SMB3 Multichannel allows a single file transfer to use multiple network interfaces simultaneously, aggregating their bandwidth. A workstation with two 1 GbE NICs connecting to a NAS with two 1 GbE ports can achieve close to 2 Gbps throughput on a single large file transfer. Multichannel also provides path redundancy — if one NIC or cable fails, the session continues on the remaining interface without dropping the connection. To use Multichannel, both the client and server must support SMB3, and both must have multiple NICs connected to the same network or separate networks with routes between them. Windows Server and most modern NAS operating systems enable Multichannel by default when multiple interfaces are detected.
Performance and Security
SMB performance depends on the storage device, network speed, client hardware, and file size. Many small files can feel slower than one large file because each operation has overhead. For security, disable SMBv1, require authentication, use least-privilege shares, and avoid exposing TCP port 445 to the public internet.
Frequently Asked Questions
What does SMB stand for?
SMB stands for Server Message Block.
What port does SMB use?
Modern SMB uses TCP port 445. Legacy SMB over NetBIOS used TCP port 139. Block port 445 at your WAN firewall.
Is SMB safe over the internet?
No. Do not expose SMB directly. Use VPN, SFTP, HTTPS-based sharing, or a vendor-supported remote access method.