Encrypting NFSv4 with Stunnel TLS

NFS clients and servers push file traffic over clear-text connections in the default configuration, which is incompatible with
sensitive data. TLS can wrap this traffic, finally bringing protocol security. Before you use your cloud provider’s NFS tools, review
all of your NFS usage and secure it where necessary.

The Network File System (NFS) is the most popular file-sharing protocol in UNIX. Decades old and predating Linux, the most modern v4
releases are easily firewalled and offer nearly everything required for seamless manipulation of remote files as if they were local.

The most obvious feature missing from NFSv4 is native, standalone encryption. Absent Kerberos, the protocol operates only in
clear text, and this presents an unacceptable security risk in modern settings. NFS is hardly alone in this shortcoming, as I have
already covered clear-text SMB in a previous article. Compared to SMB, NFS over stunnel offers better encryption (likely AES-GCM if
used with a modern OpenSSL) on a wider array of OS versions, with no pressure in the protocol to purchase paid updates or newer OS
releases.

NFS is an extremely common NAS protocol, and extensive support is available for it in cloud storage. Although Amazon EC2 supports
clear-text and encrypted NFS, Google Cloud makes no mention of data security in its documented procedures, and major initiatives for
the protocol recently have been launched by Microsoft Azure and Oracle Cloud that raise suspicion. When using these features over
untrusted networks (even within the hosting provider), it must be assumed that vulnerable traffic will be captured, stored and
reconstituted by hostile parties should they have the slightest interest in the content. Fortunately, wrapping TCP-based NFS with TLS
encryption via stunnel, while not obvious, is straightforward.
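As an added illustration of that wrap (example configuration written for this page, not taken from the original article): the server-side stunnel terminates TLS and forwards to the local NFSv4 daemon, and the client-side stunnel offers a loopback port that mount uses. The certificate paths, the host name nfs.example.invalid and the 2323 wrapper port are assumptions.

```ini
; --- /etc/stunnel/nfs-server.conf  (on the NFS server; constructed example) ---
; Certificate paths, host name and the 2323 wrapper port are assumptions.
cert    = /etc/stunnel/nfs-server.pem
key     = /etc/stunnel/nfs-server.key
CAfile  = /etc/stunnel/nfs-ca.pem
verifyChain = yes        ; accept only clients whose cert chains to our CA
requireCert = yes        ; a client without a certificate is refused
TIMEOUTclose = 0         ; NFS clients do not send close_notify; drop immediately

[nfs4]
accept  = 2323           ; TLS listener exposed to the network
connect = 127.0.0.1:2049 ; clear-text NFSv4 daemon, reachable only on loopback
; Block TCP 2049 from every address except loopback so clear text never
; leaves the host. Every tunneled client now reaches nfsd as 127.0.0.1, so
; /etc/exports must grant that address and per-host export ACLs no longer
; tell clients apart; the client certificate takes over that role.

; --- /etc/stunnel/nfs-client.conf  (on each NFS client; constructed example) ---
client  = yes
cert    = /etc/stunnel/nfs-client.pem
key     = /etc/stunnel/nfs-client.key
CAfile  = /etc/stunnel/nfs-ca.pem
verifyChain = yes        ; reject a server cert not chained to our CA
checkHost = nfs.example.invalid   ; and reject one issued to another host

[nfs4]
accept  = 127.0.0.1:2323 ; local clear-text endpoint for the kernel NFS client
connect = nfs.example.invalid:2323
; Mount through the tunnel (NFSv4 needs only this single TCP port, no portmapper):
;   mount -t nfs4 -o port=2323 127.0.0.1:/export /mnt/export
```

The verifyChain, requireCert and checkHost options need stunnel 5.x; an older build has only the numeric verify setting.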

The performance penalty for tunneling NFS over stunnel is surprisingly small—transferring an Oracle Linux Installation ISO over an
encrypted NFSv4.2 connection is well within 5% of the speed of clear text. Even more stunning is the performance of fuse-sshfs, which
appears to beat even clear-text NFSv4.2 in transfer speed. NFS remains superior to sshfs in reliability, dynamic idmap and
resilience, but FUSE and OpenSSH delivered far greater performance than expected.
