What is CIFS?

CIFS (Common Internet File System) is a network protocol that allows clients to communicate with servers and access file sharing and print services as if they were stored locally. 

The CIFS protocol is a particular implementation -- or dialect-- of the file-sharing protocol SMB (Server Message Block). The Server Message Block protocol was released by IBM in 1983 that has since undergone several modifications to its functionality by Microsoft. 

There is often confusion between the terms "CIFS" and "SMB" because the terms are often used interchangeably but there is a difference between CIFS and SMB. CIFS (sometimes called “CIFS/SMB”) actually refers to a specific dialect of SMB and not the SMB protocol generically. 

How Does CIFS Work?

The CIFS protocol enables file shares (or CIFS shares) between computers on a network. CIFS operates through NetBIOS over the TCP/IP protocol, mostly on older Windows versions and a range of network-attached storage (NAS) systems. 

CIFS can also operate with other protocols, including File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP).

CIFS works through a client-server model, defined by three main entities: a Client, Server, and Application – through which the client can access CIFS services.

The CIFS client-server model works as follows: 

1. The client sends a request to the server.

2. The server completes the request.

3. The server responds to the client.

CIFS Functionality

Microsoft outlines the main features of CIFS as those listed below. 

• Transport independence: CIFS has no requirements for the transport protocol passing messages between the client and server. The protocol is usually transported over a connection-orientated protocol and can also operate through connectionless protocols.
• Flexible connectivity: A single can make multiple connections across multiple servers. 
• Feature negotiation: The CIFS dialect and supported set of features are negotiated on a per-connection basis.
• Resource access:  CIFS clients have concurrent access to shared resources like files, named pipes, and print cues on the target server.
• Security contexts: If necessary, clients can create more than one security context over their connection.
• File access: As the server manages file sharing, several clients can access the same file at the same time.
• Extended subprotocols: CIFS can be used alongside a set of protocols that enable enhanced server functionality. 
• Named pipe interprocess communication: Clients can access named pipes, which act as a line of communication between the client and server. 
• File and record locking, and safe caching: Clients can cache data through opportunistic locking, which enhances network performance. The protocol also supports file and record locking.
• File, directory, and volume attributes: The CIFS specification enables clients to query, and set file, directory, and volume attributes. CIFS also has Access Control Lists (ACLs) compatibility. 
• File and directory change notification: Clients can request notification when file changes are made within a server directory or directory tree. 
• Batched commands: CIFS AndX messages can be chained together and executed in sequence on the server, avoiding multiple message round-trips.
• Distributed File System (DFS) support: DFS allows consistent object naming across different servers and shares.
• Remote Procedure Call (RPC) transport: CIFS provides transport authentication across RPC protocols, like RPC [MS-RPCE] and RAP [MS-RAP].
• Message verification: CFES uses message signing to prevent messages from being modified in transit.
• Unicode file name support: CIFS extends support to ASCII character sets and long Unicode file names.
  

CIFS Uses

CIFS is an early version of the SMB protocol that facilitates file sharing between Microsoft Windows clients, for example, through Windows For Workgroups. SMB was originally designed to allow clients to remotely read and write files over a local area network (LAN).

Clients can also use Samba to configure CIFS on other operating systems, like Linux and Unix.

Samba enables file sharing and print services, authentication and authorization, name resolution (such as DNS), and service announcements between Linux/Unix servers and Windows clients. 

CIFS users can use Samba to communicate between Apple’s OS X and Windows file shares. 

CIFS is also compatible with Windows Server Domain, Active Directory, and Windows NT.

NFS vs. CIFS

Network File System (NFS) is a file transfer protocol developed by Sun Microsystems in 1984. Like SMB, NFS allows users to access remote file systems locally. NFS is less “chatty” than CIFS and is accessible through several devices, including servers and desktops.

Despite their similar functionality, NFS and CIFS/SMB lack compatibility as they cannot communicate with each other. NFS world best for Linux Client to Linux server connections. 

Developed by Visuality Systems in 1998, ‍NQ is a family of portable SMB client and server implementations. NQ is portable to non-Windows platforms such as Linux, iOS, and Android and supports SMB 3.1.1 dialect.

Is CIFS Secure?

CIFS is an unsecure implementation of SMB – its lack of encryption has seen it exploited through malware like NotPetya and the WannaCry ransomware attack, which occurred through a zero-day exploit called EternalBlue. 

Newer versions of the SMB protocol are more secure and perform better than CIFS. Major SMB updates are listed below. 

• SMB 2.0: Released with Windows Vista in 2006. The 2.0 specification includes additional features, such as Wide Area Network (WAN) acceleration support, and reducing client-server latency, i.e. the “chattiness” of the original SMB/CIFS.
  

• SMB 2.1: Introduced with Windows 7 and Server 2008 R2, bringing enhanced efficiency for caching and performance.
  

• SMB 3.0: Came out with Windows 8 in 2012, with many changes. Notable updates include a stronger encryption algorithm, SMB Multichannel to facilitate multiple connections in SMB sessions, SMB Direct to allow SMB 3 traffic over RDMA.
  

• SMB 3.02: Released with Windows 8.1 and Windows Server 2012 R2 in 2014, adding the ability to disable SMB 1.0.
  

• SMB 3.1.1: Introduced in 2015 with Windows 10 and Windows Server 2016, adding many security enhancements, such as stronger encryption, session verification, and protection against man-in-the-middle attacks. As the latest version of SMB, users are recommended to use version 3.1.1.