Lepide Blog: A Guide to IT Security, Compliance and IT Operations

What is a Common Internet File System (CIFS)?


CIFS (Common Internet File System) is a Windows file sharing protocol that is based on the client-server programming model. In other words, a client application will use CIFS to make requests to a server, which then returns a response.

Common Internet File System is not as relevant as it once was, as it has been replaced by (or integrated with) the Server Message Block (SMB) protocol, which is considered to be more robust. Although the CIFS protocol is generally associated with Microsoft, there are open-source implementations of the protocol that are still available.

For example, CIFSD is an open source version of the CIFS/SMB protocol for Linux. Likewise, Samba, the Windows interoperability package for Linux and Unix, also comes with an SMB/CIFS client.

How Does Common Internet File System (CIFS) Work?

A Common Internet File System client typically starts a communication session with a CIFS server at the application level. For example, to access a shared folder, a user can launch Windows File Explorer. The client will create a NetBIOS session with the server using a full duplex TCP session over port 139, which it can then use to access shared resources.

After the NetBIOS session has been established, the client and server negotiate which dialect to use. Once they have agreed on a dialect, the client sends authentication credentials to the server (often a username and password) and receives a Unique Identifier (UID). Along with the credentials, the client sends a list of its capabilities, so this step is still important even if the server does not require authentication.

While authentication is typically handled by Active Directory, other authentication protocols, such as RADIUS, can be used with CIFS.
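The dialect negotiation described above can be inspected on the wire. The following is an added example, not code from the original article: it parses an SMB1 negotiate request and reports whether the client offers only legacy CIFS dialects and whether it requests message signing. The function names and the two sample frames are constructed for illustration.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72
FLAGS2_SECURITY_SIGNATURE = 0x0004  # SMB1 header Flags2 bit: client requests signing


def build_negotiate(dialects, flags2):
    """Build a constructed SMB1 negotiate request behind a 4-byte session header."""
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    header = struct.pack("<4sBIBHH8sHHHHH", SMB1_MAGIC, SMB_COM_NEGOTIATE,
                         0, 0x18, flags2, 0, b"\x00" * 8, 0, 0xFFFF, 1, 0, 0)
    smb = header + b"\x00" + struct.pack("<H", len(data)) + data
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


def parse_negotiate(frame):
    """Return the dialects and signing flag offered in one negotiate request."""
    # Assumption: header is one zero type byte followed by a 3-byte length.
    if len(frame) < 4 or frame[0] != 0x00:
        raise ValueError("not a session message")
    length = int.from_bytes(frame[1:4], "big")
    smb = frame[4:4 + length]
    if len(smb) != length or length < 35:
        raise ValueError("truncated frame")
    if smb[:4] != SMB1_MAGIC or smb[4] != SMB_COM_NEGOTIATE or smb[32] != 0:
        raise ValueError("not an SMB1 negotiate request")
    flags2, = struct.unpack_from("<H", smb, 10)      # Flags2 sits at offset 10
    byte_count, = struct.unpack_from("<H", smb, 33)  # follows WordCount (0)
    data = smb[35:35 + byte_count]
    if len(data) != byte_count:
        raise ValueError("dialect list runs past the end of the frame")
    dialects, pos = [], 0
    while pos < len(data):
        end = data.find(b"\x00", pos + 1)
        if data[pos] != 0x02 or end == -1:  # each entry: 0x02 + ASCII + NUL
            raise ValueError("malformed dialect entry")
        dialects.append(data[pos + 1:end].decode("ascii", errors="replace"))
        pos = end + 1
    # Clients that also speak SMB2 add "SMB 2.xxx" strings to this list.
    offers_smb2 = any(d.startswith("SMB 2.") for d in dialects)
    return {"dialects": dialects, "legacy_only": not offers_smb2,
            "signing_requested": bool(flags2 & FLAGS2_SECURITY_SIGNATURE)}


# Constructed sample frames (not captured traffic).
LEGACY = build_negotiate(["PC NETWORK PROGRAM 1.0", "LANMAN1.0", "NT LM 0.12"], 0x0001)
MODERN = build_negotiate(["NT LM 0.12", "SMB 2.002", "SMB 2.???"], 0x0005)

if __name__ == "__main__":
    for name, frame in (("legacy", LEGACY), ("modern", MODERN)):
        print(name, parse_negotiate(frame))
```

A client flagged as legacy_only with no signing request is a candidate for upgrade or isolation before SMB1 is disabled on the server.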

Common Internet File System (CIFS) Protocol Features

Below are some of the main features provided by the CIFS protocol:

  • Transport Intelligence: The CIFS protocol can employ a connectionless protocol even though it typically runs on top of a connection-oriented protocol.
  • Flexible Connectivity: The CIFS protocol is very flexible in that one client can establish connections to multiple servers or, if necessary, multiple connections to a single server.
  • Feature Negotiation: The dialect of the protocol and its supported features can be negotiated on a connection-by-connection basis.
  • Resource Access: The resources that clients can connect to are not restricted by the CIFS protocol. Shared files, named pipes, print queues, and other resources can all have many CIFS clients connected at once.
  • Security Context: A client is not restricted to using a single security context by the CIFS protocol, as multiple security contexts can be supported if necessary.
  • File Access: A CIFS client can access many files at once and does not impose file locks. After all, file sharing is a feature of the server’s OS, which implies that a file may be accessed by many clients at once.
  • Extended Sub Protocols: Sub-protocols are supported by the Common Internet File System protocol and can be used to extend its functionality.
  • Named Pipe Interprocess Communication: Named pipes can be used by CIFS as a server-to-client communication channel.
  • File and Record Locking and Safe Caching: The CIFS protocol does enable file and record locking, as well as file caching, even though it permits several clients to access a file at once.
  • File, Directory, and Volume Attributes: Attributes assigned at the file, folder, and volume levels are recognized and respected by the CIFS protocol. Windows Access Control Lists (ACLs) are also compatible with the protocol.
  • File and Directory Change Notifications: Clients can receive notifications from the CIFS protocol when a shared resource has been changed. For example, a Windows client accessing a shared folder through File Explorer will typically provide a current view of the shared folder’s contents.
  • Batched Commands: Messages can be connected and processed sequentially using the CIFS protocol.
  • Support for DFS: The Distributed File System (DFS) feature is fully supported by the CIFS protocol.
  • Remote Procedure Call Transport: RPC protocols like MS-RPCE and MS-RAP are supported by the CIFS protocol.
  • Message Verification: The CIFS protocol can be used in conjunction with message signing to ensure that communications haven’t been tampered with while in transit.

The Downsides of Common Internet File System (CIFS)

The concept of the Common Internet File System was very promising to begin with, as Microsoft aimed to use CIFS to develop a standardized version of SMB. Support for direct connections over TCP port 445, which obviated the need for NetBIOS, was one of its biggest selling points. However, despite this functionality, the majority of CIFS clients and servers continued to use LAN Manager (LanMan) and NetBIOS for authentication. Microsoft continued to update the SMB protocol, rendering CIFS obsolete over time.
