
Securing NAS at a coworking space

Hi everyone - new member here!

 

I'm installing a NAS at a small coworking space that's shared with dozens of independent freelancers and companies.

 

The "NAS" that I'm installing is merely an external hard drive connected to the main router - so yes, it's janky and not ideal. I have the files backed up on the cloud for redundancy, but my main worry is security.

 

What are the necessary steps to take with a setup like mine to ensure my files cannot be accessed by the network administrator or other people on the network?


5 minutes ago, johnyj said:

Hi everyone - new member here!

 

I'm installing a NAS at a small coworking space that's shared with dozens of independent freelancers and companies.

 

The "NAS" that I'm installing is merely an external hard drive connected to the main router - so yes, it's janky and not ideal. I have the files backed up on the cloud for redundancy, but my main worry is security.

 

What are the necessary steps to take with a setup like mine to ensure my files cannot be accessed by the network administrator or other people on the network?

First off, welcome to the forum! 

Couple of questions for you:

What router is this hard drive connected to? 

Why does this need to be a networked device? Who needs to access it besides you?

(Sharing a networked drive from YOUR pc may be a much easier option with user account control) 

 

As a sysadmin myself, why do you not want the network administrator accessing this drive?

Usually the admin should have access to everything on the network to do their job properly and make sure the network is set up properly, and is secure. 

 

EDIT: Reread post and understand properly now. 

Sharing a mapped network drive from your desktop is the better solution here. You can control who has access to it via Windows UAC. 

I can walk you through this if needed. 

Fine you want the PSU tier list? Have the PSU tier list: https://linustechtips.com/main/topic/1116640-psu-tier-list-40-rev-103/

 

Stille (Desktop)

Ryzen 9 3900XT@4.5Ghz - Cryorig H7 Ultimate - 16GB Vengeance LPX 3000Mhz- MSI RTX 3080 Ti Ventus 3x OC - SanDisk Plus 480GB - Crucial MX500 500GB - Intel 660P 1TB SSD - (2x) WD Red 2TB - EVGA G3 650w - Corsair 760T

Evoo Gaming 15"
i7-9750H - 16GB DDR4 - GTX 1660Ti - 480GB SSD M.2 - 1TB 2.5" BX500 SSD 

VM + NAS Server (ProxMox 6.3)

1x Xeon E5-2690 v2  - 92GB ECC DDR3 - Quadro 4000 - Dell H310 HBA (Flashed with IT firmware) -500GB Crucial MX500 (Proxmox Host) Kingston 128GB SSD (FreeNAS dev/ID passthrough) - 8x4TB Toshiba N300 HDD

Toys: Ender 3 Pro, Oculus Rift CV1, Oculus Quest 2, about half a dozen raspberry Pis (2b to 4), Arduino Uno, Arduino Mega, Arduino nano (x3), Arduino nano pro, Atomic Pi. 


Since your constraint is that you don't own the networking gear and don't want the network's owner to access your stuff, the best thing would be to encrypt it. 

 

Using Veracrypt you can create an encrypted folder on the drive. You'd be able to access it from your computer (since you have the key), and while the admin might be able to steal the entire encrypted blob they wouldn't be able to open it. 

Intel 11700K - Gigabyte 3080 Ti- Gigabyte Z590 Aorus Pro - Sabrent Rocket NVME - Corsair 16GB DDR4
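A check that fits the advice in the post above, added here as an example and not written by any poster in the thread: walk the folder you keep on the shared drive and list every file that is not opaque ciphertext, since those are what anyone who can reach the share can read. The 7.9 bits/byte cut-off, the 1 MiB sample size and the file names in `demo()` are assumptions made for illustration.

```python
import math
import os
import tempfile
from collections import Counter

SAMPLE_BYTES = 1 << 20   # read at most 1 MiB per file (assumed sample size)
MIN_ENTROPY = 7.9        # bits/byte; assumed cut-off for "looks like random data"

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum (uniformly random bytes)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def audit_share(root: str) -> list[tuple[str, float]]:
    """Return (relative path, entropy) for every file that does not look encrypted.

    Samples much smaller than ~64 KiB score low even when encrypted, so tiny
    files are reported as well; treat those as "check by hand".
    """
    exposed = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                sample = fh.read(SAMPLE_BYTES)
            h = shannon_entropy(sample)
            if h < MIN_ENTROPY:
                exposed.append((os.path.relpath(path, root), round(h, 2)))
    return sorted(exposed)

def demo() -> list[tuple[str, float]]:
    """Constructed sample share: a random blob standing in for an encrypted
    container, next to one plaintext file."""
    with tempfile.TemporaryDirectory() as share:
        with open(os.path.join(share, "vault.hc"), "wb") as fh:
            fh.write(os.urandom(256 * 1024))   # stand-in for a container file
        with open(os.path.join(share, "invoice.txt"), "w") as fh:
            fh.write("Client: Example Ltd\nAmount due: 1200\n" * 200)
        return audit_share(share)

if __name__ == "__main__":
    for rel, h in demo():
        print(f"{rel}: {h} bits/byte, readable by anyone who can reach the share")
```

A file that is flagged is not protected; a file that passes is only consistent with encryption, because compressed archives and media also score close to 8 bits/byte.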


Yeah there's no pretty way to do this. On a typical NAS (Synology or QNAP Appliance), you'd create separate user accounts for each user (freelancer), and then you'd simply use folder permissions and separate shares to ensure that only the correct user is given access to each folder.

 

On top of that, the Network Admin would still be given admin access to the NAS - though, as others have said, you can (and probably should) encrypt your specific folder using something like VeraCrypt.

 

Most Routers do not support this level of granularity.

 

With a HDD plugged into a Router, you likely will have the thing wide open to all users, and it would be up to each individual user to encrypt their own files by themselves. This is a bad setup. Do not do this setup. Or, if you do, make a very good liability waiver form, and get every person to sign it.

 

What exactly is the goal here? To give each user their own chunk of the NAS? If so, why are you doing this, and not the Network Admin?

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 


  • 1 year later...

You will never get an HDD plugged into a router that you don't control secured in any way.

 

Get your own managed switch and a proper NAS if you really want it to be secured.
