Network File System (NFS): Everything you need to know
Network File System (NFS) is a protocol that allows users to access files stored on a remote machine. Although decades old, it’s still widely used by many companies that need to make their resources available to users through corporate networks. Learn more about this protocol and its strengths and drawbacks.
What is NFS?
Network File System is a network protocol that allows network users to access remotely stored files as if they were stored locally on their machines. It’s one of the first distributed file systems where multiple users can share resources, allowing them to work simultaneously on the same target.
The protocol was originally developed in 1984 by Sun Microsystems, an American technology company. It might seem dated, but the NFS protocol is still widely used — although it has undergone some changes.
How does NFS work?
For Network File System to work properly, there must be an NFS server (host) and an NFS client (or clients). The server must have NFS software installed and be configured to accept and respond to NFS requests. It also has to be connected to the IP network that will be used to share resources.
NFS clients also need to be properly configured to send and receive NFS requests. They require NFS client software installed and, of course, must be connected to the same network as the server to access remote files.
Starting an NFS server requires installing an NFS daemon, the program responsible for handling clients’ NFS requests. The server administrator must then configure an NFS mount point, which is a shared directory used to identify the server on the network.
Each NFS client can have different configurable permissions. Depending on the network’s needs and security measures, users can read, write, and/or execute shared files just as if they were stored locally. In reality, they’re stored and shared on a remote server, making it easy for all network members to access them when needed.
Different NFS versions
The NFS protocol has three versions. Let’s take a quick look at them.
NFSv2
NFSv2, released in 1989, is the oldest version of the protocol. It used the User Datagram Protocol (UDP) and was designed to keep the server stateless, meaning the server didn’t have to keep track of user or session details. Every time a client wanted to access resources on the NFS server, they had to send a complete and detailed request. The maximum file size that clients could read was limited to 2 GB.
NFSv2 is outdated, and newer versions are now more common.
NFSv3
The NFSv3 protocol was released in 1995. It removed the file size limit in the previous version and used the Transmission Control Protocol (TCP), making it easier to use NFS over Wide Area Networks (WANs). NFSv3 also improved file writing performance.
NFSv4
Released in 2003, NFSv4 is the latest version of Network File System. This update introduced authentication and privacy measures as well as a stateful protocol that, unlike the stateless version, was designed to remember previous events and user interactions. The NFSv4 protocol was further developed, resulting in versions 4.1 and 4.2.
NFSv4 uses one TCP and UDP port — 2049 — to run the service, making it easier to use NFS over firewalls. In previous versions, additional configuration was required to enable a connection through the firewall.
What services do you need for NFS?
Network File System uses specific command-line services to function properly. Below are some of the most commonly used ones. These are just examples — NFS is highly configurable and versatile and includes numerous other services used to perform various actions.
- rpc.mountd is a service responsible for receiving and handling mount requests from clients. Mount requests are essentially requests for remote access to shared files. It is available in NFSv2 and NFSv3.
- nfsd is a service responsible for handling client requests for file system operations.
- rpc.rexd is used to execute programs on a remote machine when requested by the client.
Benefits of NFS
The NFS protocol is still one of the most widely used protocols, and for several good reasons:
- Enables file sharing. The main purpose of Network File System is to enable remote file sharing, but it’s a huge advantage nonetheless. It allows multiple users to remotely access the same files as if they were all storing them locally, greatly increasing efficiency.
- Real-time data access. All clients connected to the NFS server can read and write the same files, ensuring that data is up to date.
- Reduces storage needs. By allowing the main NFS server to store all the necessary files, clients don’t need to store them locally, saving storage space.
- Scalability. Network File System is scalable, meaning it can grow in size and accommodate more resources according to the network’s needs.
- Reduces security risks associated with removable storage devices. Having a working NFS server on the network means clients don’t have to rely on removable disks and flash drives. It reduces the risks associated with malware infections spread through peripheral devices.
- A mature protocol. NFS is a mature protocol, which is a good thing. Its implementation and use cases are well-known, and there are plenty of resources available for anyone who wishes to learn how to use it.
Disadvantages of NFS
Network File System (NFS) has many advantages, but it’s not without disadvantages. Below are the most important:
- Security. Older versions of NFS, in particular, had very limited security features. Newer versions are more secure but still imperfect, so implementing additional security measures is necessary.
- Network dependency. NFS is dependent on the quality and reliability of the network it uses. If the network is unreliable, file sharing will be affected by it.
- Transfer limitations. Even newer NFS protocols allow only small amounts of data to be transferred during read-and-write requests, which may not be sufficient in today’s world, where some operations might require transfers in gigabytes rather than megabytes.
How to make Network File System secure
An improperly implemented and managed Network File System can put data at risk. Hackers look for any vulnerability they can exploit to access (and steal) sensitive data, so it’s important to always prioritize security and follow some basic NFS safety guidelines:
- Enable two-factor authentication in your company. If your employees are logging into corporate networks, two-factor authentication should be enabled to make it difficult for unauthorized users to access corporate networks using stolen login credentials.
- Encrypt your files. Network File System is purely a file-sharing protocol. By default, it doesn’t provide encryption for files shared and transferred over it. However, there are ways to secure NFS with encryption. You can also pair it with Kerberos, a protocol used to authenticate users.
- Install the latest software patches. If a software patch is available, it’s never a good idea to delay installing it. Not doing so can result in security vulnerabilities that can be exploited by hackers.
- Configure NFS file system access. Access to file systems shouldn’t be granted to everyone. It’s better to determine which NFS clients need certain file systems and grant them individual access. Doing so reduces the risk of unauthorized access to sensitive data.
- Manage file system privileges. In Network File System, user privileges can be specified and modified. As a rule of thumb, you should always allow users only the permissions they need. For example, if a specific user doesn’t need to write to the file system, they should be given read-only privileges.
- Use a VPN. If you’re planning to connect to an NFS server over the internet, consider using a secure VPN tunnel and configure the NFS server to block all other access. Get a VPN, but don’t treat it as a universal solution to all problems. Instead, treat it as one of many security measures you should implement.
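The access, privilege and Kerberos points in the list above can be checked mechanically on a Linux NFS server, where exports are declared in /etc/exports. The following is an added example, not part of the original article: it parses export entries and flags exports open to any host, writable world exports, disabled root squashing, unprivileged source ports, and exports that still accept AUTH_SYS instead of Kerberos. The sample file, host names and finding labels are constructed for illustration.

```python
import re

# Constructed sample /etc/exports content; paths and hosts are made up.
SAMPLE_EXPORTS = """\
# path        client(options) ...
/srv/public   *(rw,sync,no_root_squash)
/srv/projects 192.0.2.0/24(rw,sync) build01.example.internal(ro,insecure)
/srv/finance  fin01.example.internal(rw,sync,sec=krb5p)
/srv/docs     docs01.example.internal
"""

WORLD = {"*", "0.0.0.0/0", "::/0"}          # client specs that match every host
CLIENT = re.compile(r"([^\s()]+)(?:\(([^)]*)\))?")

def check_client(client, opts):
    """Return finding labels (names chosen for this example) for one client."""
    found = []
    if client in WORLD:
        found.append("any-host")
        if "rw" in opts:
            found.append("world-writable")
    if "no_root_squash" in opts:             # remote root keeps uid 0 on the share
        found.append("no_root_squash")
    if "insecure" in opts:                   # requests from ports above 1023 accepted
        found.append("insecure-ports")
    # sec= takes a colon-separated list; AUTH_SYS ("sys") is the default flavor.
    flavors = next((o[4:].split(":") for o in opts if o.startswith("sec=")), ["sys"])
    if "sys" in flavors:
        found.append("no-kerberos")
    return found

def audit_exports(text):
    """Map (path, client) -> list of findings for every export entry."""
    report = {}
    # A trailing backslash continues an entry on the next line.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *rest = line.split(None, 1)
        for client, optstr in CLIENT.findall("".join(rest)):
            opts = [o.strip() for o in optstr.split(",") if o.strip()]
            report[(path, client)] = check_client(client, opts)
    return report

if __name__ == "__main__":
    for (path, client), found in audit_exports(SAMPLE_EXPORTS).items():
        print(f"{path:14} {client:26} {', '.join(found) or 'ok'}")
```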