NFS

Network File System is the Unix networking protocol that allows files and printers to be shared across the network. This de facto Unix standard, which is widely known as a distributed file system, was developed by Sun Microsystems, and defined in RFC 1094 (RFC 1813 defines Version 3). NFS services are also available on Windows NT servers, which enables Unix workstations to gain access to its files and printers.

The counterpart of NFS in DOS, Windows, and OS/2 environments is SMB (Server Message Block), and in NetWare is NCP (NetWare Core Protocol). NFS, SMB, and NCP are all high-level protocols (OSI layers 5 to 7) that provide open and close file and read and write functions, as well as access control. They ride on top of the transport protocols (TCP/IP, NetBIOS, NetBEUI, IPX/SPX), which manage the transfer.

If I need to use NFS, how can I make it more secure?

Any filesystems listed in /etc/dfs/dfstab will be exported to the world, by default. Include a list of NFS clients (or a netgroup) with the ô-o rwö or ô-o roö options.
Include the ônosuidö option to disable setuid programs on that mount where applicable
Do not run nfs mount through rpcbindùthe mount daemon will see the request as being local and allow it. This is the source of known rpcbind vulnerabilities as reported by CERT. Use a rpcbind replacement that does not forward mount requests through.
Use secure-RPC if possible. If not, youÆre using ôAUTH_UNIXö authentication, which simply depends on the IP address of the client for identification. Any machine using the IP address of the ones in your access list can gain access to NFS.
Disable NFS if possible. NFS traffic flows in clear-text (even when using ôAUTH_DESö or ôAUTH_KERBö for authentication) so any files transported via NFS are susceptible to snooping.
Programs can guess the file handle of the root mount point and get any file from an NFS server, regardless of any access rights. Use fsirand to randomize inode numbers on NFS servers.