Jump to content

How do I protect my home nas?

I got a terameter NAS for Christmas and I've been having trouble securing it. A few months ago I received a notification for my Xfinity app saying "xFi Advanced Security blocked a security risk on Home Server , but additional action is needed" when i tap on it it leads to nowhere. I'm not sure what to do because I've done the basics such as making a new admin account, changing a bunch of settings, and Enabled automatic block which seems to not do anything because the IP its coming from is different every time. I'm not sure what else to do because all i can think of is buying a Firewalla Purple which i would like to avoid because its $330. Does anyone have any ideas of what i can do besides of keeping it turned off?

Link to comment
Share on other sites

Link to post
Share on other sites

Is your NAS available outside of your local network? Like could you access it from a location other than your house? If so then you need a firewall, if you don't want a firewall, only make it available inside your network.

 

I run a family plex server and 3 Minecraft servers and I cannot tell you how many intrusions are blocked by my firewall alone lol

Sorry I probably edited my post. Refresh plz. Build Specs Below.

System

  • CPU
    Ryzen 9 5900x
  • Motherboard
    ASUS ROG STRIX X570-F
  • RAM
    32 GB (2X8) Trident Z Neo 3600MHz CAS 16
  • GPU
    ASUS ROG STRIX RTX 3070
  • Case
    Corsair 4000D Airflow
  • Storage
    Sabrent 1 TB TLC PCI 4.0 NVMe M.2
  • PSU
    NZXT C850 Gold PSU
  • Display(s)
    MSI Optix MAG342CQR 34" UWQHD
  • Cooling
    Corsair H100i RGB Pro XT 240mm
  • Operating System
    Windows 11
Link to comment
Share on other sites

Link to post
Share on other sites

If you never want to access it from outside your house, and it's not tying into any cloud services, you could set a static IP address for it but not define the default gateway. That will corral it to your local network.

Dell owns my soul.

Link to comment
Share on other sites

Link to post
Share on other sites

12 minutes ago, Needfuldoer said:

you could set a static IP address for it but not define the default gateway. That will corral it to your local network.

Please excuse my ignorance but how do I do this?

Link to comment
Share on other sites

Link to post
Share on other sites

24 minutes ago, ImAmSpecial said:

Please excuse my ignorance but how do I do this?

You'd have to go into the network settings on your NAS Device.

 

For example, if your network is:  192.168.1.XXX  

You could set the NAS to a static IP of: 

 

Static IP:  192.168.1.250

Subnet:  255.255.255.0

Gateway:  192.168.14.14

 

(14.14 is an invalid gateway, and network traffic won't move around outside of the local 192.168.1.XXX network.

Link to comment
Share on other sites

Link to post
Share on other sites

54 minutes ago, ImAmSpecial said:

Please excuse my ignorance but how do I do this?

Welcome to the forums!

 

You should also be able to do it via the settings in the router, but that will depend on the model. It should be under a setting like "DHCP IP Reservations"

Link to comment
Share on other sites

Link to post
Share on other sites

3 hours ago, ImAmSpecial said:

I got a terameter NAS for Christmas and I've been having trouble securing it. A few months ago I received a notification for my Xfinity app saying "xFi Advanced Security blocked a security risk on Home Server , but additional action is needed" when i tap on it it leads to nowhere. I'm not sure what to do because I've done the basics such as making a new admin account, changing a bunch of settings, and Enabled automatic block which seems to not do anything because the IP its coming from is different every time. I'm not sure what else to do because all i can think of is buying a Firewalla Purple which i would like to avoid because its $330. Does anyone have any ideas of what i can do besides of keeping it turned off?

Every router has a firewall built in - although consumer routers have pretty “bad” and very nom-configurable firewalls.

 

Knowing exactly what is happening here would help, but it sounds like whatever xfinity app thing that is reporting issues doesn’t actually know what it’s reporting. 
 

A NAS shouldn’t need “any settings” to make it secure. It should be secure by default… did you enable remove access or some sort of VPN?

Rig: i7 10700k @ 5.1Ghz, 4.8 Ring - - Z490 Vision G - - EVGA RTX 2080 XC Ultra @ 2025Mhz - - 4x8GB Vengeance Pro 3000Mhz 15-17-17-34 @ 3500MHz 16-19-19-38 - - Samsung 950 Pro 512 NVMe Boot + Main Programs - - Samsung 830 Pro 256 RAID 0 Lightroom + Photo work - - WD Blue 1 TB SSD for Games - - Corsair RM850x - - Sound BlasterX EA-5 - - EK Supremacy Evo - - XT45 X-Flow 420 + UT60 280 rads - - EK Full Cover GPU Block - - EK XRES RGB PWM - - Fractal Define S2 - - Acer Predator X34 -- Logitech G502 - - Logitech G710+ - - Logitech Z5500 - - LTT Deskpad

 

Headphones/amp/dac: Schiit Lyr 3 - - Fostex TR-X00 - - Sennheiser HD 6xx

 

Homelab/ Media Server: Proxmox VE host - - 512 NVMe Samsung 980 for VM's/Proxmox boot - - Xeon e5 2660 V4- - Supermicro X10SRF-i - - 64 GB ECC 2133 - - 10x4 TB WD Red RAID Z2 - - 10TB WD Red for expendable data - - Corsair 750D - - Corsair RM650i - - Dell H310 6Gbps SAS HBA - - Intel RES2SC240 SAS Expander - - TreuNAS + many other VM’s

 

iPhone Xs - 2018 MacBook Air

Link to comment
Share on other sites

Link to post
Share on other sites

I assume you mean a TerraMaster NAS. 

 

  • By default, it should only be accessible locally. 
  • As long as you havent forwarded ports from external to the NAS then it should be 'secure'. 
  • For security, you should really only use your "admin" account for configuring the NAS. You should create user accounts for accessing the shares. , and only give the users access to the shares they need. 
  • If other users don't require Write access, then give them a Read only account. This reduces risk of anyone overwriting or deleting files that they shouldn't. It also helps against Ransomware, if someone gets infected, it cant cryptolocker the NAS if they only have Read only. 

 

Personally all of my machines use a 'guest' account which is Read only, for accessing the NAS. Even my personal PC. 

 

My backup software uses a "backup account" which has Read/Write to the backups on my server, otherwise I just authenticate manually with my Read/Write account to transfer files to it manually. 

 

Spoiler

Desktop: Ryzen9 5950X | ASUS ROG Crosshair VIII Hero (Wifi) | EVGA RTX 3080Ti FTW3 | 32GB (2x16GB) Corsair Dominator Platinum RGB Pro 3600Mhz | EKWB EK-AIO 360D-RGB | EKWB EK-Vardar RGB Fans | 1TB Samsung 980 Pro, 4TB Samsung 980 Pro | Corsair 5000D Airflow | Corsair HX850 Platinum PSU | LG 32" 32GK850G Monitor x2 | Roccat Vulcan TKL Pro Keyboard | Logitech G Pro X Superlight  | MicroLab Solo 7C Speakers | Audio-Technica ATH-M50xBT2 LE Headphones | TC-Helicon GoXLR | Audio-Technica AT2035 | LTT Desk Mat | XBOX-X Controller | Windows 11 Pro

 

Spoiler

Server: Fractal Design Define R6 | Ryzen 3950x | ASRock X570 Taichi | EVGA GTX1070 FTW | 64GB (4x16GB) Corsair Vengeance LPX 3000Mhz | Corsair RM850v2 PSU | Fractal S36 Triple AIO | 12 x 8TB HGST Ultrastar He10 (WD Whitelabel) | 500GB Aorus Gen4 NVMe | 2 x 1TB Crucial P1 NVMe | LSI 9211-8i HBA

 

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×