SMBv1
- Signing optional
- Encryption, not a built-in feature
- Uses NTLM(NT LAN Manager) for session security
SMBv2
1. Signing by default
SMB signing means that every SMB 3.1.1 message contains a signature generated using session key and AES.
The client puts a hash of the entire message into the signature field of the SMB2 header.
https://techcommunity.microsoft.com/t5/storage-at-microsoft/configure-smb-signing-with-confidence/ba-p/2418102
2. Optional End-to-end Encryption, encrypts data payload, supports AES-128-CCM or AES-128-GCM
- Supports Kerberos, more secure and modern authentication
SMB v3.1.1
1. Signing by default
2. Require Encryption, encryts headers and data payload, supports AES-128-GCM, AES-256-GCM
3. Pre-authentication Integrity enhanced than SMBv2
4. Support TLS for encrypting SMB traffic
*넘버링 항목들은 Encryption Steps
Security/Protocols
댓글