Original network protocols are starting to age out of usefulness. HTTP is being replaced by HTTPS, people are trying to replace DNS with DNSSEC, and TLS just got its first update in 8 years. Now it's time to update SMB. It's time for Safe-T Secure File Access.
Why Would You Want to Replace SMB?
In a previous blog, we discussed some of the drawbacks of SMB1. This is an old version of the SMB protocol with roots in the 1980s. While it’s still active on many computers, it’s generally only needed to communicate with Windows XP and Server 2003 operating systems – and if you’re going your job right, that equipment has already been uprooted from your environment. In most cases, you can disable SMB1 on throughout your network without encountering many issues.
SMB 2 and SMB 3 are a different story. They’re modern, full-featured secure file transfer protocols with strong encryption and robust failover. The major issue is that using these protocols, along with a similar protocol known as NetBios, requires administrators to open ports 339 and 445. Keeping ports open is bad practice for a secure network but closing these ports or disabling SMB causes a host of other issues.
Most notably, a vulnerability in the SMB protocol led to 2017’s mass ransomware attack known as Wannacry, which caused a total of $4 billion in damage. Frustratingly, even after the this vulnerability was widely disclosed, there are approximately 5.5 million devices that are still exposed to the internet in this manner.
Augmenting SMB with Secure File Access
At its heart, Safe-T's Secure File Access (SFA) lets administrators close ports 339 and 445, and disable SMB from user segments, and replicate their functionality using the secure HTTPS protocol.
To the end user, nothing about their usual workflow changes. Accessing a file on remote server will all look the same. Behind the scenes, however, an entirely different workflow will take place – one that administrators will ultimately find easier and more secure.
For example, SFA comes with a smart access permissions console that lets administrators easily control how users use the files they can access. They can delineate who can read which files, who has read and write permissions, and who can create and delete files. With its simple UI, SFA even lets administrators provide auditable access permissions to customers and vendors outside the network. This ensures secure and controlled access to any file types and content.
In addition, SFA encrypts files at rest, making it difficult for unauthorized users to read or copy their contents. The product can also prevent unauthorized users from moving or deleting the file, or from uploading potentially compromised/malicious files.
Secure File Access is an Updated Access Solution for an Age that Requires Security
Protocols like SMB and NetBios have inescapable origins in an earlier era of information technology. They were created in an age where leaving open ports on your network was acceptable. Nowadays, leaving any open port on your network – even the ubiquitous port 80 – is an invitation to disaster.
When used in combination with other Safe-T's Secure Application Access, SFA makes it possible to do business on the internet without opening any ports to the outside world – and without significantly changing your normal workflows or impacting your end users. For more information on this technology - https://www.safe-t.com/secure-file-access/.