• March 28, 2024, 05:07:16 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: [1] 2 3

Author Topic: How secure is my NAS?  (Read 27164 times)

Sincere1

  • Level 1 Member
  • *
  • Posts: 21
How secure is my NAS?
« on: October 18, 2009, 08:20:42 AM »

I'm an intermediate level computer user, but completely new to NAS, don't know a thing about Linux, and am dangerously under educated about home networking security.  I have read all the basic stuff, but network communications and security layers gets pretty deep very quickly.

I have a DNS-232 running FW 1.07, behind a D-Link 2640B wireless router/DSL modem.  Setting options in the 2640B reminds me of reading MOBO instructions: 1000 options, zero guidance.

How secure is my NAS sitting behind the default 2640B firewall?  I should add that also behind the firewall are my wireless laptop using WPA2, my desktop machine (wired), and my son's desktop (wired) that is a viper's nest of malware, adware, trojans, etc.

Thank you!
Logged

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: How secure is my NAS?
« Reply #1 on: October 18, 2009, 11:49:35 AM »

Well, your son's machine seems to be the issue here. ;) 

If you want real security, I think I'd get a firewall between him and the rest of your network.  ::)
Logged
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.

Sincere1

  • Level 1 Member
  • *
  • Posts: 21
Re: How secure is my NAS?
« Reply #2 on: October 18, 2009, 08:09:26 PM »

Can you steer me to some education on dividing a home network up?  I have to share the internet connection, but I don't have to share the network - only I'm not sure how to set up my "mini-network" to exclude him from it.  All machines are using Win XP.

Also, I'm curious about how secure the NAS is from the outside world.  I get the general idea that the firewall using NAT pretty much hides my NAS from the internet.  Is there anything that weakens that security?  Or is there anything I should do to strengthen the default security?

Thank you
Logged

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: How secure is my NAS?
« Reply #3 on: October 19, 2009, 05:30:09 AM »

Any port forwarding through the router will weaken your security.

If you want to be secure, here's my recipe.

Buy a second router and connect it's WAN port to one of the LAN ports on the primary router.  Connect all the "insecure" machines (like your son's) to the first router.  Connect all the network devices you wish to have protected from him and the Internet on the secondary router.

Logged
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.

P01arBear

  • Level 2 Member
  • **
  • Posts: 90
Re: How secure is my NAS?
« Reply #4 on: October 19, 2009, 11:29:39 AM »

Instead of having 2 routers, you could also snap on an "AlphaShield" external firewall, it's cheap and...Has been proven to be unhackable up to know. There was a 2M$ contest to hack it, no one won. The only thing is, this firewall is so safe...It can be hell with some softwares such as msn.

You see, this alphashield doesn't let data in unless you have "asked" for it. Let's say you're on msn, people won't be able to write to you unless you have started the conversation. Your computer becomes a vault on the inbound side, but this doesn't affect the outbound. It just makes you unreachable from outside, but if you let a virus in your network (downloads), then the firewall isn't going to be much help. The alphashield is good if you want to totaly secure your PC because you have confidential data and don't use it for gaming or chating, but only for surfing websites.

If this is what you want, I suggest you get it by ebay, usualy around 60-80$.

On the other hand, for something less intrusive I recommend using a GOOD anti-virus with a firewall also on each computer. I swear by Eset's Nod-32. You can get their SmartSecurity kit wich includes an anti-virus and firewall, or just the anti-virus wich a separate free firewall such as PC tools, wich is free and well rated for windows XP (on Vista it wasn't rated as well). There are other good firewalls like Outpost and Online Armor also, and anti-viruses such as Kapersky and Bitdefender wich are all very respected.

Usualy mixing a router (better if you have one with SPI firewall) plus a GOOD RATED anti-virus and firewall on each computer, then you're pretty much as protected as can be. Of course, there could be some other small tweaks that could help, but for what it's worth, the solutions above should do the trick.

Like said above, every port open is a breach.



« Last Edit: October 19, 2009, 11:37:34 AM by P01arBear »
Logged
DWA-552 Atheros 9.2.0.105 driver w/ ANT24-0230
DIR-655 A4 Firmware 1.21

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: How secure is my NAS?
« Reply #5 on: October 19, 2009, 12:26:23 PM »

The two routers are cheaper, easy to install, and require no fooling around with the software or allowing each package access.  As long as you don't forward any ports, you are quite safe behind almost any SOHO router, SPI is pretty standard nowadays.  Remember, he already has one router.  ;)
Logged
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.

fordem

  • Level 10 Member
  • *****
  • Posts: 2168
Re: How secure is my NAS?
« Reply #6 on: October 19, 2009, 01:11:43 PM »

You see, this alphashield doesn't let data in unless you have "asked" for it. Let's say you're on msn, people won't be able to write to you unless you have started the conversation. Your computer becomes a vault on the inbound side, but this doesn't affect the outbound. It just makes you unreachable from outside, but if you let a virus in your network (downloads), then the firewall isn't going to be much help. The alphashield is good if you want to totaly secure your PC because you have confidential data and don't use it for gaming or chating, but only for surfing websites.

You could apply this description equally well to any NAT router even my old Linksys BEFSR11 which had NO firewall - you see, that is exactly how NAT works - NAT allows all outgoing connections and keeps track of where (which host) they came from and uses that information to direct the incoming response - however - if the incoming data does not match an existing outgoing request, the NAT router has no clue where to send it and simply discards it.

So what you have is nothing more than some slick advertising copy.

More to the point - gunrunnerjohn's solution is really the only inexpensive way to deal with his particular problem, which quite simply is that he already has a compromised host on the inside of his perimeter firewall, so, what a cracker would do is take control of the compromised host and use it to attack the other "unprotected" targets on the LAN.
Logged
RAID1 is for disk redundancy - NOT data backup - don't confuse the two.

Sincere1

  • Level 1 Member
  • *
  • Posts: 21
Re: How secure is my NAS?
« Reply #7 on: October 21, 2009, 06:11:59 AM »

Yes, I see what you mean.  Here I had been thinking I could somehow create my own private XP home network and exclude my son.  I hadn't thought about the fact that once they're past the NAT firewall, my best defense is gone.

Too bad I didn't think to ask these questions before I shelled out good money for my 2640B, because I intentionally bought it as an "all-in-one".  I'll now have to start pricing another wireless G router since the expensive first router converts my DSL.

Can I split the DSL line and just stick him on his own router?  I'd still have to spend for a DSL/router combo, but I could keep the modern features and wireless of my 2640B.  Or does my ISP provide only one IP address at a time, so nixing the "two dsl modems" idea?

Thank you

Logged

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: How secure is my NAS?
« Reply #8 on: October 21, 2009, 06:30:23 AM »

You can't use two modems, one modem to a DSL line.

You just need a secondary router to do what I suggested.  What's so special about the D-Link 2640B, looks like a pretty standard DSL gateway to me.
Logged
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.

Sincere1

  • Level 1 Member
  • *
  • Posts: 21
Re: How secure is my NAS?
« Reply #9 on: October 22, 2009, 04:06:17 PM »

The 2640B has modern wireless features like WPA2.  It also allows specific port forwarding which I understand not all routers do (but most?), and I believe UPnP.  I'm not interested in the last two but my son is.

I suppose I'm undereducated on this subject also, but when I was shopping for the current router, it seemed like router/DSL modem combos were harder to find.

If I'm going to keep my secure wireless, I'll need to place the 2640B second in line.  So is it hard to find a modem/router with port forwarding capability to place first in line?

Thank you
Logged

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: How secure is my NAS?
« Reply #10 on: October 22, 2009, 04:20:12 PM »

Actually, WPA2, uPnP, and port forwarding are standard features of almost any current generation router.  Since you already have that router in place and your son's connecting through it, my previous suggestion seems made to order for you.  I can't think of a new router that doesn't offer WPA2.  I'd suggest the D-Link DNS-615, it's available regularly for $40 or even less, and it's a decent 802.11n router.  I have one here, and it's worked well for some time.
Logged
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.

fordem

  • Level 10 Member
  • *****
  • Posts: 2168
Re: How secure is my NAS?
« Reply #11 on: October 22, 2009, 07:29:19 PM »

Under NO circumstances should you give your son access to uPnP unless you figure out a way to get a firewall between his system and the rest of your network.

uPnP provides a mechanism where the software on his computer can automatically configure the router permitting all sorts of mayhem to be achieved.  Personally I would disable uPnP.
Logged
RAID1 is for disk redundancy - NOT data backup - don't confuse the two.

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: How secure is my NAS?
« Reply #12 on: October 23, 2009, 05:17:01 AM »

With the secondary router, all uPnP is going to do is allow him to nuke himself faster on the Internet. :)  Obviously, you don't enable uPnP on the secondary router!  :o :)
Logged
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.

fordem

  • Level 10 Member
  • *****
  • Posts: 2168
Re: How secure is my NAS?
« Reply #13 on: October 23, 2009, 05:34:04 AM »

With the secondary router, all uPnP is going to do is allow him to nuke himself faster on the Internet. :)  Obviously, you don't enable uPnP on the secondary router!  :o :)

That would qualify as the "firewall between his system and the rest of your network" that I am advocating.
Logged
RAID1 is for disk redundancy - NOT data backup - don't confuse the two.

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717
Re: How secure is my NAS?
« Reply #14 on: October 23, 2009, 05:37:09 AM »

That would qualify as the "firewall between his system and the rest of your network" that I am advocating.
100% correct, it's the cheapest way I know to totally isolate yourself from such a situation.  I have a similar arrangement here for the wireless network.  I actually have two wireless networks, the "public" one that I really don't care what happens on, and my private one that is restricted to my connections.
Logged
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.
Pages: [1] 2 3