24

I'm an admin at a hosting company and I deal primarily with Linux machines, though we have plenty of customers with Windows servers.

In my capacity I have only ever used SMB for a file / print server on my local LAN.

Is there any reason to leave SMB open? I have not heard of any actual reason to have it exposed to the internet; is there some Windows thing I am unaware of that requires it?

yagmoth555
  • 17,495
MadRush
  • 241

4 Answers

40

SMB is a file sharing protocol and, as such, it is sometimes left open to the internet for, well, sharing files.

However, this is a very bad idea. Compared to simpler protocols such as FTP or WebDAV, which basically have very small GET/PUT interfaces and are entirely implemented in isolated userspace processes, SMB is a much more complex protocol, deeply integrated into core Windows services.

The more complex nature of SMB (and its very low security/integrity until at least version 2) means that many critical flaws were exploited, and its tight integration with Windows means these exploits were very dangerous.

So, no, do not open SMB to the internet.

shodanshok
  • 52,255
9

Just don't do it. If anyone asks you to do it, I would strongly recommend telling them no and running away fast.

You could technically provide this kind of service over a VPN, but if it's over any significant distance over WAN it's almost certainly going to perform like total garbage.

There are far superior services to accomplish remote and local file sharing that you could provide. Consider Amazon Storage Gateway, or Google Storage. These solutions allow cloud storage accounts to be attached to fileservers in-house, enabling a hybrid storage cloud that syncs wherever anyone needs it. It's fast and secure, and remote users don't need to hit your fileserver in order to get remote files while in-house users don't need to hit your WAN pipe to get at those same files. These solutions take a large burden from you, the administrator, and put it into a cloud that can handle the load no matter what.

Spooler
  • 7,286
7

No. Leave the minimum number of ports exposed to the Internet. If you need to use SMB for something (transferring files with a trusted other party, with authentication and timestamps on every action taken), then set up a VPN for them to connect to before making an SMB connection.

6

Is there any reason? I will leave that up to you.

  1. It can be done. Open port 445 and configure SMB and you can access your shared folders over the internet similar to how you would do it over your local network.

  2. It's going to be very slow because the protocol was not designed to work over such an environment.

  3. There are known security risks. IP restriction could help.

jarvis
  • 2,036
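
One way to check the advice in the answers above (SMB reachable only through a VPN or a restricted set of addresses) on a Linux host running Samba, as an added example that is not part of the original thread: it parses `ss -Htln` output and flags listeners on ports 139/445 that are not confined to loopback or a trusted network. The function names, the constructed sample output and the `10.8.0.0/24` VPN subnet are assumptions made for illustration.

```python
import ipaddress

SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

# Constructed sample of `ss -Htln` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 50    0.0.0.0:445       0.0.0.0:*
LISTEN 0 50    10.8.0.1:445      0.0.0.0:*
LISTEN 0 128   127.0.0.1:445     0.0.0.0:*
LISTEN 0 50    [::]:139          [::]:*
LISTEN 0 50    203.0.113.10:445  0.0.0.0:*
LISTEN 0 128   0.0.0.0:22        0.0.0.0:*
"""

def split_local(field):
    """Split ss's 'Local Address:Port' field into (address, port)."""
    addr, _, port = field.rpartition(":")
    # Drop any %iface scope first, then the IPv6 brackets.
    addr = addr.split("%", 1)[0].strip("[]")
    return addr, int(port)

def audit_smb_listeners(ss_output, trusted_nets):
    """Return (address, port, reason) for SMB listeners not confined to trusted_nets."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, port = split_local(cols[3])
        if port not in SMB_PORTS:
            continue
        if addr in ("*", "0.0.0.0", "::"):
            # Listening on every interface: only the firewall decides who connects.
            findings.append((addr, port, "wildcard bind, relies entirely on firewall rules"))
            continue
        ip = ipaddress.ip_address(addr)
        if ip.is_loopback or any(ip in net for net in trusted):
            continue  # confined to loopback or the VPN/LAN range
        findings.append((addr, port, "bound to an address outside the trusted networks"))
    return findings

if __name__ == "__main__":
    # Assumed VPN subnet; replace with the range your VPN actually hands out.
    for addr, port, reason in audit_smb_listeners(SAMPLE_SS, ["10.8.0.0/24"]):
        print(f"{addr}:{port} -> {reason}")
```

A wildcard finding does not prove the port is reachable from the internet; it means the bind address gives no protection, so the firewall rules are the only control left to verify.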