Common Internet File System (CIFS) Protocol
What is CIFS (Common Internet File System)?
First things first, CIFS is not just a breathy synonym for SMB. It is a specific version of SMB which was developed by Microsoft in 1996 and rebranded as the Common Internet File System. Problem was, it became infamous for being buggy, chatty, and generally not performing well. The rebranding attempt was abandoned in 2006 when Microsoft came out with SMB 2.0.
In its day, CIFS was used to share files remotely via IP, which worked in conjunction with FTP and HTTP.
How does CIFS work?
CIFS uses the client-server model to share files across distinct network systems:
- A client sends a request to a server.
- The server fulfills the request.
- The server sends a response back to the client.
- Server grumbles to other servers that no one ever tips
Where might CIFS be used today?
CIFS still finds a few odd jobs today. It's sometimes used for sharing Windows files with Linux systems and in outdated enterprise networks.
SMB Versions and Security
Most modern storage systems use SMB (v2 or v3), rather than CIFS, which was originally designed in 1983 before security was top-of-mind at most organizations. Research indicates that many organizations are still running this insecure protocol, putting at risk any other machines that are connected to the same network. Additionally, CIFS does not have authentication checks, which makes any file vulnerable to be intercepted or accessed during transfer.
How Do I Secure SMB/CIFS?
To secure SMB, you need to audit your environment for devices running SMB and shut down the ones that constitute a security risk. SMBv1 is full of known exploits and has been used in numerous attacks, such as with WannaCry and NotPetya. Organizations should move to the newer SMBv2 or SMBv3 variants. To do this, you need a tool that detects SMB traffic to find machines using the outdated SMBv1 protocol. Either disable or patch these devices before they become infected.