• March 29, 2024, 06:24:08 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: 1 [2] 3

Author Topic: How secure is my NAS?  (Read 27171 times)

fordem

  • Level 10 Member
  • *****
  • Posts: 2168
Re: How secure is my NAS?
« Reply #15 on: October 23, 2009, 11:27:20 AM »

I actually have two wireless networks, the "public" one that I really don't care what happens on, and my private one that is restricted to my connections.

Just my $0.02 - you should care - you're responsible for any attacks that originate at your public ip address.

Many people feel that, because of the dynamic nature of things on the internet, that such attacks cannot be traced back to the source - this is incorrect and your ISP will have logs that show which subscriber had a given ip at a given time, even with dynamically assigned addresses.

I like to "illustrate" things, so if you'll just allow me ...

I live in a fairly small third world country where not every one has a computer in their home, and small "internet cafes", where you can buy a few hours of online time for a small fee are quite popular.  DHCP addressing is the norm here, static address are available for a fee, and due to an unreliable power utility, the norm is to shut down everything and unplug, when you close business at the end of the day - I mention this so that you know the ip addresses change pretty much on a daily basis.

Someone used one of these cafes, located in a small town outside of the capital city, to send a threatning email to an airline, copying to the US state department - and even though neither state nor FBI has any jurisdiction here, within 24 hours of the email being received, the FBI, with support from the local police had raided the cafe, seized equipment and detained the owner & operator of the cafe to assist in the investigation.

The owner was released after a couple of days, and the equipment eventually returned, as there was no way to identify who actually sent the email - since no records of identity were kept at that time, legislation has since been past requiring cafe operators to keep such records.

Think about it - someone, parked outside your place, connects to your public WiFi and starts snooping around TSA or Homeland Security - or for that matter, someone, who knows where on the internet, takes control of a bot in your "DMZ" and does the same.

Where does the trace point to?  Whose door are the Feds knocking on?  Who are they going to detain "to assist in the investigation?
Logged
RAID1 is for disk redundancy - NOT data backup - don't confuse the two.

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: How secure is my NAS?
« Reply #16 on: October 23, 2009, 11:44:28 AM »

Just my $0.02 - you should care - you're responsible for any attacks that originate at your public ip address.
Well, just for clarity, my "public" network is WPA2 encrypted, it's not for anyone to use.  My point is that for guests here and when I'm working on a potentially infected machine, I use that connection to isolate them from my network.  So, "public" is pretty limited in my context.

I would have thought that from my posts you'd have a better opinion of my knowledge, apparently not.  Gad, I didn't just fall off the turnip truck!
Logged
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.

Sincere1

  • Level 1 Member
  • *
  • Posts: 21
Re: How secure is my NAS?
« Reply #17 on: October 23, 2009, 09:21:48 PM »

Last night I ordered a D-Link 2540B DSL Modem/Router (no wireless).  Sometime after that I read your post about the DIR-615 and remembered that I had almost purchased it originally, until I found that it wasn't a DSL modem (and at that time I needed an all-in-one).  Had I read your post prior to placing my order, I might have saved $20.  Oh well, it was a choice between two wireless routers or two DSL modem/routers at this point, so the second wireless network is now moot for my case.

I will place the 2540B first in line, and let my son do limited port forwarding from it.  I read some pretty authoritative articles saying that the security of port forwarding was mostly relative to the program you are using it for, that if the program was well patched and a secure program like Bit Torrent, and you pick an unusual port number for good measure, that you're reasonably secure.  The idea being that a program on your computer must request the data on the given port or the NAT will drop it.  If the program doesn't have a hitchhiker secretly requesting data, then you're ok.  If either of you has a link to a good site that supplies contrary info, I'd appreciate it.  I've gotten my son to run the basic security measures on his machine: a good antivirus and a bidirectional firewall.  If port forwarding is really a major security breach, I'd like to know before some agent knocks on our door.

Thank you

Logged

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: How secure is my NAS?
« Reply #18 on: October 24, 2009, 06:47:46 AM »

What router are you putting behind it?  That one can't also be a DSL modem/router.
Logged
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.

fordem

  • Level 10 Member
  • *****
  • Posts: 2168
Re: How secure is my NAS?
« Reply #19 on: October 24, 2009, 08:38:25 AM »

Well, just for clarity, my "public" network is WPA2 encrypted, it's not for anyone to use.  My point is that for guests here and when I'm working on a potentially infected machine, I use that connection to isolate them from my network.  So, "public" is pretty limited in my context.

I would have thought that from my posts you'd have a better opinion of my knowledge, apparently not.  Gad, I didn't just fall off the turnip truck!


You really shouldn't take things so personally - this is a discussion forum, where people from all walks of life and all levels of experience participate.

What if someone comes along and reads your post and thinks - this guy didn't just fall off the turnip truck - and replicates what he thinks is your safe configuration, only to have a rude awakening ?  Sometimes a little more detail is necessary to ensure that more people have a better understanding.
Logged
RAID1 is for disk redundancy - NOT data backup - don't confuse the two.

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: How secure is my NAS?
« Reply #20 on: October 24, 2009, 08:39:53 AM »

Sometimes a little more detail is necessary to ensure that more people have a better understanding.
Yep, and there's your detail.  ;)
Logged
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.

Sincere1

  • Level 1 Member
  • *
  • Posts: 21
Re: How secure is my NAS?
« Reply #21 on: October 24, 2009, 02:09:58 PM »

Boys, boys.  gunrunnerjohn, I agree with fordem that your reaction was a bit harsh.  He has a good point, and I'm the newbie who provides the case in point.  You'd be best to assume I know nothing.  For example, I rushed out and bought a second DSL modem/router, not wanting to give up the fine features of my more expensive D-Link 2640B.  Then I read your post gunrunnerjohn, and immediately realized the foolish mistake I made.  I called Techforless.com today, and even though the modem is in transit, they were kind enough to offer to take it back for full refund incl. shipping.  They deal mainly in open box goods, which might be fine for guys like you and fordem.  Book mark their site!  Sorry, that's my sales pitch for them being kind to me.

So I now have a DIR-615 on it's way from another vendor (techforless didn't have them).  I'll have to waste some of what I paid for in the 2640B, but as you say, it's already configured for my ISP, the DSL is functional, so that's certainly worth something.

The guy at techforless happened to previously do router support, and mentioned that I'll have to change the IP address of one router to get them to talk to each other.  If he said which one I wasn't listening closely enough.  Does it matter?
Logged

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: How secure is my NAS?
« Reply #22 on: October 24, 2009, 02:36:42 PM »

Yep, it's a simple process.  If both of them have a base address of 192.168.2.1, which is typical for D-Link routers, you'll have to configure one (I recommend the new one) to have a a base address in another subnet, say 192.168.1.1 or 192.168.2.1, etc.  This is done on the Network Settings link from the SETUP screen of the DIR-615.  It's the Router IP Address that you want to change.
Logged
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.

Sincere1

  • Level 1 Member
  • *
  • Posts: 21
Re: How secure is my NAS?
« Reply #23 on: November 08, 2009, 07:15:44 AM »

I received the DIR-615 and have it networked in.  I haven't moved the wireless laptop to the DIR-615 yet, but the my desktop machine is working there.  Gunrunner John, I followed your instructions to connect the WAN port of the DIR-615 to a LAN port on the 2640B. I didn't need to change the IP address because the 2640B uses 192.168.1.1 and the DIR-615 uses .0.1
The DIR-615 instructions had a section on connecting to another router, but they were intended for adding to your network as opposed to creating a 2nd network behind the first.  It instructed me to plug into a LAN port on the 615 instead of the WAN.  I ignored that part & followed your instructions.

But they also said to disable UPnP (I agree), and DHCP, which seems to make sense: you can't have both routers trying to assign IP addresses can you?  Leave DHCP off?

Thanks!
Logged

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: How secure is my NAS?
« Reply #24 on: November 08, 2009, 07:19:58 AM »

If you want to connect the DIR-615 and eliminate it's NAT layer (making it into a WAP), here's the recipe.


Connecting two (or more) SOHO broadband routers together.

Note: The "primary" router can be an actual router, a software gateway like Microsoft Internet Connection Sharing, or a server connection that has the capability to supply more than one IP address using DHCP server capability.  No changes are made to the primary "router" configuration.

Configure the IP address of the secondary router(s) to be in the same subnet as the primary router, but out of the range of the DHCP server in the primary router.  For instance DHCP server addresses 192.168.0.2 through 192.168.0.100, I'd assign the secondary router 192.168.0.254 as it's IP address, 192.168.0.253 for another router, etc.

Note:  Do this first, as you will have to reboot the computer to connect to the router again for the remaining changes.

Disable the DHCP server in the secondary router.

Setup the wireless section just the way you would if it was the primary router, channels, encryption, etc.

Connect from the primary router's LAN port to one of the LAN ports on the secondary router.  If there is no uplink port and neither of the routers have auto-sensing ports, use a cross-over cable.  Leave the WAN port unconnected!

This procedure bypasses the routing function (NAT layer) and configures the router as a switch (or wireless access point for wireless routers).

For reference, here's a link to a Typical example config using a Netgear router
Logged
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.

Sincere1

  • Level 1 Member
  • *
  • Posts: 21
Re: How secure is my NAS?
« Reply #25 on: November 08, 2009, 07:57:01 PM »

I'm confused.  The idea was to create a second network behind the first.  My son's would be the sole computer connected to the first network, my wired desktop and my wireless laptop on the second.  This was to keep my machines secure from any attacks using his computer.

You earlier said to connect the 2nd router via its WAN port, now you say use the LAN port.  And why would I want to eliminate the NAT layer?  Isn't that half the security?

The instructions sound similar to the D-Link instructions, but that doesn't create a second firewall does it?  It just makes an extension of the first.
Logged

fordem

  • Level 10 Member
  • *****
  • Posts: 2168
Re: How secure is my NAS?
« Reply #26 on: November 09, 2009, 02:34:11 AM »

I received the DIR-615 and have it networked in.  I haven't moved the wireless laptop to the DIR-615 yet, but the my desktop machine is working there.  Gunrunner John, I followed your instructions to connect the WAN port of the DIR-615 to a LAN port on the 2640B. I didn't need to change the IP address because the 2640B uses 192.168.1.1 and the DIR-615 uses .0.1
The DIR-615 instructions had a section on connecting to another router, but they were intended for adding to your network as opposed to creating a 2nd network behind the first.  It instructed me to plug into a LAN port on the 615 instead of the WAN.  I ignored that part & followed your instructions.

But they also said to disable UPnP (I agree), and DHCP, which seems to make sense: you can't have both routers trying to assign IP addresses can you?  Leave DHCP off?

Thanks!

You're right, the idea is to have two networks, so you are going to connect the second router's WAN port to the first router's LAN port - and since you have two separate networks, you need DHCP on on both routers - the first router will issue ip addresses on it's network (call it OuterLAN) and the second router, will issue addresses on it's network (call it InnerLAN)
Logged
RAID1 is for disk redundancy - NOT data backup - don't confuse the two.

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: How secure is my NAS?
« Reply #27 on: November 09, 2009, 05:28:31 AM »

You're right, I lost sight of the original problem.  :o

My original instructions were correct.
Logged
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.

Sincere1

  • Level 1 Member
  • *
  • Posts: 21
Re: How secure is my NAS?
« Reply #28 on: November 27, 2009, 08:44:07 PM »

Sorry for the long delay!  Had way too much going on lately to go back to this issue.  I currently have the DIR-615 daisy chained thru the 2640B, my desktop machine wired to the DIR-615 and have internet there.  The laptop still has internet wirelessly thru the 2640B, and I've been trying to connect it to the wireless AP of the DIR-615.  The laptop does see the DIR-615 as an available network, but I think won't finally connect due to IP address conflicts.  The 2640B uses a default gateway of 192.168.1.1 where the DIR-615 uses 192.168.0.1, each with their expected IP address range.

I'd like to know: how does a Windows XP machine establish it's IP address (using DHCP)?  When it boots?

Thanks and hope you guys are both still there!
Logged

Sincere1

  • Level 1 Member
  • *
  • Posts: 21
Re: How secure is my NAS?
« Reply #29 on: November 27, 2009, 09:35:43 PM »

I did a little playing around, and now believe that the Windows machine aquires an IP address not from its own internal workings but from the DHCP server, which is the router in this case.  Correct?

So earlier tonight my laptop had an IP address of 192.168.1.2 while it was connected to the 2640B, because the 2640B has a range of 192.168.1.2 to 192.168.1.154 so it "gave out" the 192.168.1.2 address to my laptop.  Correct again?

I can't get the DIR-615 to connect to the laptop.  The settings in both the router and the laptop for WPA2-PSK with AES are pretty simple so that's not the problem I don't think. I suspect the trouble is related to the laptop not being able to aquire the IP address. 

On the advice of a D-Link support tech (nothing else he had me try worked) I upgraded the FW to 3.11

Any thoughts?
Logged
Pages: 1 [2] 3