SMB has always been a network file sharing protocol. As such, SMB requires network ports on a computer or server to enable communication to other systems. SMB uses either IP port 139 or 445.
What Are Ports 139 And 445?
- Port 139: SMB originally ran on top of NetBIOS using port 139. NetBIOS is an older transport layer that allows Windows computers to talk to each other on the same network.
- Port 445: Later versions of SMB (after Windows 2000) began to use port 445 on top of a TCP stack. Using TCP allows SMB to work over the internet.
How To Keep These Ports Secure
Leaving network ports open to enable applications to function is a security risk. So how do we manage to keep our networks secure and maintain application functionality and uptime? Here are some options to secure these two important and well-known ports.
- Enable a firewall or endpoint protection to protect these ports from attackers. Most solutions include a blacklist to prevent connections from known attackers IP addresses.
- Install a VPN to encrypt and protect network traffic.
- Implement VLANs to isolate internal network traffic.
- Use MAC address filtering to keep unknown systems from accessing the network. This tactic requires significant management to keep the list maintained.