Network Attached Storage Security on LAN?

Discussion in 'Computer Security' started by jtsnow, Feb 9, 2005.

  1. jtsnow

    jtsnow Guest

    I have a Network Attached Storage (NAS) device on home LAN behind a Linksys
    router (w/firewall) connected full time to WWW. The NAS is a backup server
    that controls a USB harddrive and backs up 4 PCs. The NAS is Linksys NSLU2
    controlling a 250mb drive. I suppose this is the same issue with the
    Buffalo units and any device that acts as a server on the LAN. The NSLU2 is
    a Linux OS which I know nothing of.

    How do I protect the disk contents on the NAS from being seen or tampered
    with from someone on the WWW? Or is the firewall all I need? I'm not worried
    about anything on the LAN, just access via WWW.

    Any opinions are welcome to understand my security risks here.

    Thank you!
    jtsnow, Feb 9, 2005

  2. jtsnow

    johns Guest

    I say take it down for now. I bought a Maxtor One
    Touch USB drive, and with it came a program called
    Retrospect. That program is designed to create backup
    scripts that can be used to automate backups to network
    drives ( USB on a Linksys box ) of selected files on
    any group of computers. What I noticed immediately
    is that Retrospect defeated the default port settings in
    WinXP Pro SP2, and turned them on. I now have
    access to Microsoft network shares like back in the
    good old Win95 days. Seriously, I have 100 shares
    in network neighborhood. I bought this little goodie
    at Office Depot. So can any kid playing around the
    net hunting for "shares".

    johns, Feb 9, 2005

  3. jtsnow

    Leythos Guest

    First flaw in scheme - there is no such device as a LINKSYS ROUTER WITH
    FIREWALL - All linksys units are NAT devices, they are not firewalls.

    I'm assuming that you didn't connect the NAS to the WWW, you just meant
    that your linksys is connected to the "internet" full time. (There is a
    LOT more to the internet than just web pages).
    Since you don't have a firewall anything that compromises your internal
    network can basically do what it wants and send your data where it wants.
    You have several issues:

    1) Inbound traffic will be blocked by the NAT (not firewall) device unless
    requested from something INSIDE your network.

    2) If you forward inbound traffic from the internet INTO the local
    network, you need to reconsider, or you need to create a real DMZ for that

    3) Anything that compromises your network already has access to all of
    your network and since you don't have a firewall you can't block it
    getting back out with your data (or anything else).
    You don't mention what OS the computers are running (other than the NAS)
    you don't mention what antivirus solution you run, you don't mention what
    network monitoring you have in place, you feel that a Linksys unit is a
    firewall for some reason (they are not), you should hire someone to
    perform an audit of your network and give you a formal result/plan to
    correct it.
    Leythos, Feb 9, 2005
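
Added example, not part of the thread: a toy Python model of the three numbered points in the post above (unsolicited inbound dropped by NAT, a port forward exposing a LAN host, and outbound traffic passing unless an egress policy exists). The `Gateway` class, addresses and ports are constructed for illustration; real NAT devices track more state than this.

```python
from dataclasses import dataclass, field
from typing import Optional

NAS, PC = "192.168.1.77", "192.168.1.10"   # constructed LAN addresses
REMOTE = "203.0.113.5"                      # documentation-range internet host

@dataclass
class Gateway:
    forwards: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port)
    egress_allow: Optional[set] = None            # None models NAT with no outbound filter
    nat: dict = field(default_factory=dict)       # wan_port -> (lan_ip, lan_port, rip, rport)
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection to the internet."""
        if self.egress_allow is not None and (lan_ip, remote_port) not in self.egress_allow:
            return "drop: egress policy"
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.nat[wan_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return f"allow via wan:{wan_port}"

    def inbound(self, remote_ip, remote_port, wan_port):
        """A packet arrives on the WAN interface."""
        entry = self.nat.get(wan_port)
        if entry and entry[2:] == (remote_ip, remote_port):
            return f"reply -> {entry[0]}:{entry[1]}"      # matches a LAN-initiated flow
        if wan_port in self.forwards:
            ip, port = self.forwards[wan_port]
            return f"forwarded -> {ip}:{port}"            # static mapping, open to anyone
        return "drop: no mapping"

def demo():
    results = {}
    nat_only = Gateway()
    # Point 1: unsolicited inbound to the file-sharing port finds no mapping.
    results["unsolicited"] = nat_only.inbound(REMOTE, 51000, 445)
    # A connection started inside creates state, so its reply is let back in.
    nat_only.outbound(PC, 50123, REMOTE, 443)
    results["reply"] = nat_only.inbound(REMOTE, 443, 40000)
    # Point 2: a port forward hands outside traffic straight to the NAS.
    results["forward"] = Gateway(forwards={445: (NAS, 445)}).inbound(REMOTE, 51000, 445)
    # Point 3: a compromised PC sending data out; NAT alone lets it through.
    results["exfil_nat"] = nat_only.outbound(PC, 50200, REMOTE, 8081)
    # With an egress allow-list (PC may only reach 80/443) the same flow is dropped.
    fw = Gateway(egress_allow={(PC, 80), (PC, 443)})
    results["exfil_fw"] = fw.outbound(PC, 50200, REMOTE, 8081)
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12} {verdict}")
```
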
  4. jtsnow

    jtsnow Guest

    not a clue what you're talking about.....seems like a lot of drivel
    jtsnow, Feb 9, 2005
  5. jtsnow

    Leythos Guest

    Rather than being rude and assuming, you might want to look at what was
    posted in the response and LEARN what you're missing.

    Or, are you so full of your own drivel that you don't need any real help?
    Leythos, Feb 10, 2005
  6. jtsnow

    jtsnow Guest

    you're one of those people whose self worth is built upon your ability to
    convince anonymously others that you know what you're talkin about.

    no speakie the techo dribble babble here....try somewhere else to build up
    your importance.
    jtsnow, Feb 10, 2005
  7. jtsnow


    Listen buddy, if you do not know what you are talking about
    please do not post. It confuses the #!%@* out of users
    especially new ones.
    Check this link out
    , Feb 10, 2005
  8. jtsnow

    Leythos Guest

    I could have made a mistake about his specific situation, but I would not
    have posted if I had not felt I was making a mistake. I will check the
    link and then correct myself if needed.

    As for NAS, since it's on his network, if a system inside his network is
    compromised, then it can reach his NAS device too - what part was hard to
    understand about that?
    Leythos, Feb 10, 2005
  9. jtsnow

    jtsnow Guest

    no crap...that guy is major dweeboid.....

    go impress your buddies at Fry's. they are all 1/2 gene short of a full should be able to impress them
    jtsnow, Feb 10, 2005
  10. jtsnow

    Leythos Guest

    So, show me where I said anything incorrect - unless you don't understand
    security yourself.
    Leythos, Feb 10, 2005
  11. jtsnow

    Gladys Pump Guest

    Hey Leythos, I'd leave it. Kill-file the troll and let's move on.


    Gladys Pump, Feb 10, 2005
  12. jtsnow

    John Guest

    I guess this guy confuses marketing babble from Linksys with technical

    "The Linksys Bla bla Router with bla Switch is the perfect option to
    connect multiple PCs to a high-speed Broadband Internet connection or to
    an Ethernet back-bone. Allowing up to 253 users, the built-in NAT
    technology acts as a firewall protecting your internal network."

    He really doesn't seem to have a clue about security, and the same seems
    to be the case with the LinkSys marketeers.

    To mr. or ms. jtsnow:
    As long as insecure OSses, browsers, e-mail clients (and users) are in
    your LAN, a NAT solution is not enough. A *real* firewall solution is
    necessary in such a situation.

    If inbound connections are to be allowed, also a DMZ should be
    considered (and used).

    So this advice

    "you should hire someone to perform an audit of your network and give
    you a formal result/plan to correct it"

    is indeed the sanest you can get.

    John, Feb 10, 2005