
How secure is unraid and or truenas scale?

How secure are TrueNAS Scale and Unraid compared to something like Windows? Should I be worried about things like ransomware more than I should be with Windows? Should I look into antivirus software? How would that even work?

Imagine everything I have written in a Linus voice/Linus tone (Spock "live long and prosper" gif here, idk why tho; I guess I just want to say that I like Star Trek and am waiting for new seasons of the ongoing shows). But seriously, a lot of what I type only makes sense when said in a Linus tone from an older LTT video (circa 2017-2019 & now 2024-onwards), basically before he got a beard, and a lot of it should make sense even in a Linus-with-a-beard face.

Also note: as per the latest typing test on my laptop, my accuracy is 69%.

I'm not weird/creepy, I'm just observant. I have ADHD and am not on any meds for it.

 


Ransomware can encrypt network share files if the infected client computer has write access to the files it can see in the share.


Just now, whispous said:

Ransomware can encrypt network share files if the infected client computer has write access to the files it can see in the share.

This.

You're not really running anything directly on Unraid or TrueNAS, unlike a host machine where you would download a file and run it right there, but network shares can definitely still be infected by end machines that have access.


As with all IT security, you have to think about your threat surface and potential attack motivation. Are you going to be targeted specifically? 

5950X/3080Ti primary rig  |  1920X/1070Ti Unraid for dockers  |  200TB TrueNAS w/ 1:1 backup


15 minutes ago, OddOod said:

As with all IT security, you have to think about your threat surface and potential attack motivation. Are you going to be targeted specifically? 

Maybe? Idk, does it matter that I just paid a big data recovery company to recover the data from a drive, which shows that I care about my data enough to pay for it? Of course I checked, and the data recovery company does work securely, has never had any issues with data breaches and never keeps copies of the data, but idk.

Question is, should I be worried about it?


6 minutes ago, Indian pc builder said:

Maybe? Idk, does it matter that I just paid a big data recovery company to recover the data from a drive, which shows that I care about my data enough to pay for it? Of course I checked, and the data recovery company does work securely, has never had any issues with data breaches and never keeps copies of the data, but idk.

Question is, should I be worried about it?

Unless you're doing some pretty sketchy stuff, you probably don't need to worry. Keep everything on the network reasonably up to date and you should be pretty secure. 


3 minutes ago, Indian pc builder said:

Maybe? Idk, does it matter that I just paid a big data recovery company to recover the data from a drive, which shows that I care about my data enough to pay for it? Of course I checked, and the data recovery company does work securely, has never had any issues with data breaches and never keeps copies of the data, but idk.

Question is, should I be worried about it?

That isn’t going to cause a targeted digital attack…

 

Truenas and unraid are much more secure because they are not ever going to reach out to the internet… they don’t have web browsers, they are Linux based and not windows based, etc etc.

 

But this is not really how NAS’s get compromised, they get compromised by other devices on your network. If you have a fully locked down NAS, but the windows PC that is accessing shares gets ransomwared, it’ll start encrypting network drives including your NAS SMB shares. This is one reason Truenas and ZFS are the superior choice… ZFS snapshots are the best mitigation against this since snapshots can’t be encrypted or deleted except via TrueNAS itself (as in no network connected client could delete or alter those snapshots). 
 

This then means you need good network security, and have network segmentation so your TrueNAS machine lives on a subnet not accessible by your potentially infected windows machines, iot devices, etc etc. This is where you get into more prosumer grade network gear, set up vlans, and really dive into learning networking which is overkill for most people. But it is “the correct answer”. 
 

TLDR; windows is by far the least safe, TrueNAS is the most safe mostly because ZFS is your best shot against ransomware due to ZFS snapshots. 

Rig: i7 13700k - - Asus Z790-P Wifi - - RTX 4080 - - 4x16GB 6000MHz - - Samsung 990 Pro 2TB NVMe Boot + Main Programs - - Assorted SATA SSD's for Photo Work - - Corsair RM850x - - Sound BlasterX EA-5 - - Corsair XC8 JTC Edition - - Corsair GPU Full Cover GPU Block - - XT45 X-Flow 420 + UT60 280 rads - - EK XRES RGB PWM - - Fractal Define S2 - - Acer Predator X34 -- Logitech G502 - - Logitech G710+ - - Logitech Z5500 - - LTT Deskpad

 

Headphones/amp/dac: Schiit Lyr 3 - - Fostex TR-X00 - - Sennheiser HD 6xx

 

Homelab/ Media Server: Proxmox VE host - - 512 NVMe Samsung 980 RAID Z1 for VM's/Proxmox boot - - Xeon e5 2660 V4- - Supermicro X10SRF-i - - 128 GB ECC 2133 - - 10x4 TB WD Red RAID Z2 - - Corsair 750D - - Corsair RM650i - - Dell H310 6Gbps SAS HBA - - Intel RES2SC240 SAS Expander - - TrueNAS + many other VM's

 

iPhone 14 Pro - 2018 MacBook Air


11 minutes ago, OddOod said:

Unless you're doing some pretty sketchy stuff, you probably don't need to worry. Keep everything on the network reasonably up to date and you should be pretty secure. 

Does setting up and automating torrents to the server for movies and things that are not available in my region count as sketchy?


Doesn't matter what the server is running if you're using it to download stuff that may contain malware and you are going to run it on your Windows machine afterwards anyway.

F@H
Desktop: i9-13900K, ASUS Z790-E, 64GB DDR5-6000 CL36, RTX3080, 2TB MP600 Pro XT, 2TB SX8200Pro, 2x16TB Ironwolf RAID0, Corsair HX1200, Antec Vortex 360 AIO, Thermaltake Versa H25 TG, Samsung 4K curved 49" TV, 23" secondary, Mountain Everest Max

Mobile SFF rig: i9-9900K, Noctua NH-L9i, Asrock Z390 Phantom ITX-AC, 32GB, GTX1070, 2x1TB SX8200Pro RAID0, 2x5TB 2.5" HDD RAID0, Athena 500W Flex (Noctua fan), Custom 4.7l 3D printed case

 

Asus Zenbook UM325UA, Ryzen 7 5700u, 16GB, 1TB, OLED

 

GPD Win 2


Downloading torrents would be sketchy, yes.

Just like with any system, it is as secure as you make it.

I like the snapshot automation that TrueNAS offers. That way, if I do get hit with ransomware, I shut down everything, clear out the source of the attack, and then in TrueNAS revert to the snapshot from before it happened, and my data is back.
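The "revert to the snapshot from before it happened" step above, and the earlier point that clients on the network cannot touch ZFS snapshots, both rest on picking the right snapshot. The following is an added example, not code from the thread or from TrueNAS: given the output of `zfs list -s creation` for a dataset and the time the encrypted files were first noticed, it picks the newest periodic snapshot from before that time (minus a safety margin) and lists what a recursive rollback would discard. It assumes the default TrueNAS periodic-snapshot naming schema `auto-%Y-%m-%d_%H-%M`; the dataset name `tank/media` and all dates are constructed.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample output of:
#   zfs list -H -t snapshot -o name -s creation -r tank/media
# "tank/media" and the dates are made up. The auto-... names follow the
# TrueNAS periodic snapshot task default naming schema (assumed unchanged);
# the manual snapshot in the middle shows the rollback caveat below.
SAMPLE_SNAPSHOT_LIST = """\
tank/media@auto-2024-05-01_00-00
tank/media@auto-2024-05-02_00-00
tank/media@auto-2024-05-03_00-00
tank/media@manual-before-upgrade
tank/media@auto-2024-05-03_12-00
tank/media@auto-2024-05-04_00-00
"""

AUTO_NAME_RE = re.compile(r"^[^@\s]+@auto-(?P<ts>\d{4}-\d{2}-\d{2}_\d{2}-\d{2})$")


@dataclass(frozen=True)
class Snapshot:
    dataset: str
    name: str                  # full snapshot name as zfs prints it
    created: datetime | None   # parsed from the name; None if not schema-named


def parse_snapshot_list(text: str) -> list[Snapshot]:
    """Parse `zfs list -s creation` output, preserving its creation order."""
    snaps = []
    for line in text.splitlines():
        name = line.strip()
        if not name or "@" not in name:
            continue
        dataset = name.split("@", 1)[0]
        m = AUTO_NAME_RE.match(name)
        created = datetime.strptime(m.group("ts"), "%Y-%m-%d_%H-%M") if m else None
        snaps.append(Snapshot(dataset, name, created))
    return snaps


def rollback_plan(zfs_list_text: str, dataset: str, compromise_time: str,
                  margin_minutes: int = 60) -> dict | None:
    """Choose the snapshot to roll `dataset` back to after a ransomware hit.

    `compromise_time` is "YYYY-MM-DD HH:MM", the earliest time you saw an
    encrypted file. The margin pushes the cutoff earlier, because the first
    encrypted file you notice is rarely the first one written. Returns None
    when no periodic snapshot predates the cutoff.
    """
    snaps = [s for s in parse_snapshot_list(zfs_list_text) if s.dataset == dataset]
    cutoff = datetime.strptime(compromise_time, "%Y-%m-%d %H:%M") - timedelta(minutes=margin_minutes)
    idx = None
    for i, s in enumerate(snaps):
        if s.created is not None and s.created < cutoff:
            idx = i  # list is in creation order, so the last hit is the newest usable one
    if idx is None:
        return None
    target = snaps[idx]
    # `zfs rollback -r` destroys every snapshot newer than the target, manual
    # ones included, so report them: they may hold the only copy of files
    # written after the target was taken.
    destroyed = [s.name for s in snaps[idx + 1:]]
    return {
        "target": target.name,
        "command": f"zfs rollback -r {target.name}",
        "destroys": destroyed,
    }


if __name__ == "__main__":
    print(rollback_plan(SAMPLE_SNAPSHOT_LIST, "tank/media", "2024-05-03 14:30"))
```

Run the printed command only after the infected client has been taken off the network; otherwise it just re-encrypts the rolled-back files.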


2 hours ago, Indian pc builder said:

Does setting up and automating torrents to the server for movies and things that are not available in my region count as sketchy?

Not super, just make sure you don't accidentally run a self-extracting zip as a movie. Been there, done that.
Play the media from a video player instead of just clicking on the files.


18 minutes ago, OddOod said:

Not super, just make sure you don't accidentally run a self-extracting zip as a movie. Been there, done that.
Play the media from a video player instead of just clicking on the files.

I mean, to be fair, I still haven't torrented malware in place of a movie yet, after torrenting pretty frequently for 3 years. I think it works because I only get stuff from YIFY?

 

2 hours ago, Kilrah said:

Doesn't matter what the server is running if you're using it to download stuff that may contain malware and you are going to run it on your Windows machine afterwards anyway.

Should I look into an antivirus program then? What would my options be?


Windows Defender has always been good enough for me.


I would use truenas. ZFS is the best protection against all forms of malware/ransomware. But the problem isn’t the OS, or the file system, it’s the humans using it. 
 

ZFS provides the best possible way to recover in the form of ZFS snapshots. That doesn’t mean it’s foolproof, if you have poor network security, default passwords, open ports on your firewall to vulnerable software, you stand a chance of getting pwned regardless of what option you pick.


Well, you could isolate the downloader and storage together, plug in Plex or alternatives, add a VPN docker inside the isolated island and open one port on the LAN to the Plex client to watch, etc.

Theoretically you'll need Proxmox, put up 3 VMs and voilà.

Which are:

  1. pfSense
  2. Docker on any distro.
  3. TrueNAS

Add more if you like; to enhance security, add an extra layer of router and such.

 

Skills needed.

  1. Virtualisation
  2. Networking
  3. Firewall 
  4. Hardlinking
  5. Self vulnerability check.
  6. Know what you're doing
  7. Resistance to mental breakdown.
  8. Linux

🐧

I'm a jank tinkerer; if it works then it works.

Regardless of compatibility 🐧🖖


3 hours ago, BoomerDutch said:

Well, you could isolate the downloader and storage together, plug in Plex or alternatives, add a VPN docker inside the isolated island and open one port on the LAN to the Plex client to watch, etc.

Theoretically you'll need Proxmox, put up 3 VMs and voilà.

Which are:

  1. pfSense
  2. Docker on any distro.
  3. TrueNAS

Add more if you like; to enhance security, add an extra layer of router and such.

 

Skills needed.

  1. Virtualisation
  2. Networking
  3. Firewall 
  4. Hardlinking
  5. Self vulnerability check.
  6. Know what you're doing
  7. Resistance to mental breakdown.
  8. Linux

🐧

So... only partially. 

 

Yes, with proxmox you could create some VM's, set up virtual routing and put torrent downloaders on their own subnet, but that isn't really the issue here. The issue here is downloading a file that is compromised and having a windows machine connected via SMB play that file and thus execute said malware, or have a windows PC on the main LAN (which wouldn't be firewalled off from the management surface of proxmox and thus all VM's under it in this example.....) become compromised and then laterally move to your proxmox box which can then pwn truenas.

 

Yes, your solution does provide more security than nothing at all, but it doesn't really fix the fact all of the management surfaces are on the main LAN, with all sorts of devices we don't trust.

 

To do this "properly", you need your edge router to have a proper firewall, and do all vlan setups there. That way you can have a management subnet that proxmox, truenas WebUI, the firewall itself (pfsense is what I use), and whatever else is at that management level live on. Then you would set up subnets "below" that for things such as windows machines, phones, laptops, etc as well as an SMB share from truenas so your windows machines can still access SMB but restrict their ability to interface with the management subnet, then "next to that" I would have VM's for download clients etc, with similar rules as the windows and normal devices subnet.... then a subnet with next to 0 ability to talk to anything outside of that subnet for all IoT devices and things we really, truly, do not trust.


Yes, @LIGISTX is correct here; however.

Here's a correction.

If I were to use downloaders, I would never ever connect an SMB share or NFS.

Get rid of the SMB share idea and use a Jellyfin server.

The Jellyfin server is not connected to the VPN nor to any internet, just directly connected to the NAS and LAN to communicate with only Jellyfin ports. (Prevents scraping tho.)

So then you'll only need to use the Jellyfin client to stream shows or whatever.

So it is fairly good security, and an attack is less likely to reach outside.

Because you're not interacting with files, just streaming from the Jellyfin server.

If Jellyfin dies for some reason it's fairly easy to just wipe it and put in a new updated Jellyfin server.

And I don't use the Proxmox firewall; you don't need to. I've just deployed my own router called pfSense inside and deployed multiple virtual networks in pfSense.

And firewalled that way.

To manage all of that I've created a smol Linux desktop with one browser to manage and edit all of them, through Proxmox VNC.

Oh right, some direct connections don't require a router and such thanks to a static network setup. (Yes, you can connect one cable between two computers, set them to the same static subnet and boom, they're communicating.)

Not directly from my PC.

Which is the idea of isolating.

Btw I've once set up a whole isolated island with only NixOS VMs.

Which became the smollest couple of VMs I've deployed.

Praise the virtual networking!


2 hours ago, BoomerDutch said:

Yes, @LIGISTX is correct here; however.

Here's a correction.

If I were to use downloaders, I would never ever connect an SMB share or NFS.

Get rid of the SMB share idea and use a Jellyfin server.

The Jellyfin server is not connected to the VPN nor to any internet, just directly connected to the NAS and LAN to communicate with only Jellyfin ports. (Prevents scraping tho.)

So then you'll only need to use the Jellyfin client to stream shows or whatever.

So it is fairly good security, and an attack is less likely to reach outside.

Because you're not interacting with files, just streaming from the Jellyfin server.

If Jellyfin dies for some reason it's fairly easy to just wipe it and put in a new updated Jellyfin server.

And I don't use the Proxmox firewall; you don't need to. I've just deployed my own router called pfSense inside and deployed multiple virtual networks in pfSense.

And firewalled that way.

To manage all of that I've created a smol Linux desktop with one browser to manage and edit all of them, through Proxmox VNC.

Oh right, some direct connections don't require a router and such thanks to a static network setup. (Yes, you can connect one cable between two computers, set them to the same static subnet and boom, they're communicating.)

Not directly from my PC.

Which is the idea of isolating.

Btw I've once set up a whole isolated island with only NixOS VMs.

Which became the smollest couple of VMs I've deployed.

Praise the virtual networking!

So... sort of.

 

There is nothing wrong with SMB or NFS, especially since people are going to want to use their NAS to actually do what NAS's do, which is be network attached storage.

 

The way to correctly lock things down is you NEED an edge router that does network segmentation; running pfsense within proxmox is not enough because that doesn't protect proxmox from your windows machines, since they would all be on a flat network otherwise.

 

In a normal home network, you have 1 router, say 192.168.1.1, and it has a 192.168.1.x subnet. Your PC AND proxmox will both end up with 192.168.1.x IPs, which means there is no segmentation between your vulnerable windows PC, Macbook, IoT devices etc and your proxmox host.

 

Now depending on how difficult you have made things, yes, you can virtually route all of your VM's through a virtual pfsense, and put them behind a firewall and behind NAT from your 192.168.1.x network... but this is sort of an "annoying" way to do things. I think that is what you are saying you did, but that isn't really "the right" way to do it. It isn't "wrong", but it makes it much more difficult to manage since you can't admin any of the VM's that live within proxmox from your main PC, which is on the 192.168.1.x subnet.

 

What you need is a pfsense machine at the head of the network... right after your modem. From there, you do all segmentation with vlans and managed switches.

 

In this situation, say your main network which pfsense lives on is 10.10.10.x (let's call this the top level management subnet), and this is the first router immediately after the modem. From there, you set up vlans: set up 1 vlan for your windows PC and other "trusted" machines on say 10.10.11.x. Then you set up a homelab subnet for things like jellyfin, torrent clients, etc, on 10.10.12.x, and an IoT subnet on 10.69.69.x.

 

At the pfsense level, you do not allow 10.69.69.x to talk to anything except the WAN. This would mean all IoT devices can work normally, but they can not reach out and touch ANYTHING else on your network. Things on your network can reach out and control them, but nothing can initiate a connection from the IoT subnet. If you have managed AP's, you assign this its own SSID, and boom, all IoT stuff is segmented off on its own WiFi SSID, in its own subnet, done.

 

Then you set up a WiFi and switch port vlans for your trusted 10.10.11.x subnet which you plug your PC ethernet into, connect your laptop to that SSID, etc. Done.

 

Then you plug proxmox into 10.10.10.x, along with all of your switches and AP's; they ALL get the management subnet (which is the trunk port), which now means proxmox lives on the 10.10.10.x management subnet and you can assign vlans within proxmox to each VM. So if you want, you can spin up a homeassistant VM on the 10.69.69.x vlan, and it will then be able to talk to your IoT devices, but nothing else. And you can pass a torrent client the 10.10.12.x vlan, and it can communicate across that subnet, and depending how you set up your firewall rules, maybe it can talk out of that subnet, maybe it can't, up to you...

 

Then you set up truenas as a VM within proxmox. You pass truenas 10.10.10.x, so truenas lives on the management port. You then create SMB shares on both 10.10.11.x and 10.10.12.x with different permissions. This way, VM's within 10.10.12.x (like a VM hosting jellyfin, or a VM hosting a torrent client) can SMB to truenas, but only with those permissions, and only to the /mnt point you have your torrented media on. In truenas on the SMB share shared over 10.10.11.x, you then would be able to use your NAS as a NAS where you can have all your personal files and data like pictures, home videos, documents, etc and be able to access them from devices on the 10.10.11.x subnet, but NOT from the 10.10.10.12 or 10.69.69.x networks since you only expose that SMB share over the 10.10.11.x network.

 

Doing all of this 100% inside of proxmox means you are not really locking things down... you need to move things that have management ability up and away from anything that could infect or alter them. This does take some money though, as you would need a pfsense machine and managed switches and AP's. But I was able to do all of this for about 300 bucks. Use an old PC for pfsense, get a 2 port NIC (1 for WAN, 1 for LAN, DO NOT USE PFSENSE AS A SWITCH), get a few 5 port managed switches from Ubiquiti for ~30 bucks each, and a managed AP or two also from Ubiquiti for ~150 bucks, and that's it.

 

This is a very good guide on how to set it all up, Lawrence systems has MANY great videos on these topics:

 

Something to remember: the torrent client is not the piece of software to be worried about, IoT devices and not well admined Windows machines are the concern here. If you have a windows PC able to reach out and touch your proxmox WebUI, SSH, or truenas WebUI or SSH, and your windows machine got compromised, it could start ransomwaring your SMB share, AND THEN ALSO attack the truenas webUI via stored credentials in your browser and turn off ZFS snapshots, delete previous ones, lock you out of the webUI altogether, etc etc. This is certainly a pretty extreme example, but THAT is what we are trying to protect against here, which is why doing segmentation within proxmox is not enough. You need to protect proxmox itself (and all other things living on the management interface… firewalls, network routing equipment like switches and AP's, TrueNAS webUI and SSH, and any other key infrastructure).

 

Anyways, hope this made sense... trying to convey the entire premise of network security in a single post is not exactly simple. 

 

Another good video that may help explain things a little better:

 

 


6 hours ago, LIGISTX said:

So... sort of.

 

There is nothing wrong with SMB or NFS, especially since people are going to want to use their NAS to actually do what NAS's do, which is be network attached storage.

 

The way to correctly lock things down is you NEED an edge router that does network segmentation; running pfsense within proxmox is not enough because that doesn't protect proxmox from your windows machines, since they would all be on a flat network otherwise.

 

In a normal home network, you have 1 router, say 192.168.1.1, and it has a 192.168.1.x subnet. Your PC AND proxmox will both end up with 192.168.1.x IPs, which means there is no segmentation between your vulnerable windows PC, Macbook, IoT devices etc and your proxmox host.

 

Now depending on how difficult you have made things, yes, you can virtually route all of your VM's through a virtual pfsense, and put them behind a firewall and behind NAT from your 192.168.1.x network... but this is sort of an "annoying" way to do things. I think that is what you are saying you did, but that isn't really "the right" way to do it. It isn't "wrong", but it makes it much more difficult to manage since you can't admin any of the VM's that live within proxmox from your main PC, which is on the 192.168.1.x subnet.

 

What you need is a pfsense machine at the head of the network... right after your modem. From there, you do all segmentation with vlans and managed switches.

 

In this situation, say your main network which pfsense lives on is 10.10.10.x (let's call this the top level management subnet), and this is the first router immediately after the modem. From there, you set up vlans: set up 1 vlan for your windows PC and other "trusted" machines on say 10.10.11.x. Then you set up a homelab subnet for things like jellyfin, torrent clients, etc, on 10.10.12.x, and an IoT subnet on 10.69.69.x.

 

At the pfsense level, you do not allow 10.69.69.x to talk to anything except the WAN. This would mean all IoT devices can work normally, but they can not reach out and touch ANYTHING else on your network. Things on your network can reach out and control them, but nothing can initiate a connection from the IoT subnet. If you have managed AP's, you assign this its own SSID, and boom, all IoT stuff is segmented off on its own WiFi SSID, in its own subnet, done.

 

Then you set up a WiFi and switch port vlans for your trusted 10.10.11.x subnet which you plug your PC ethernet into, connect your laptop to that SSID, etc. Done.

 

Then you plug proxmox into 10.10.10.x, along with all of your switches and AP's; they ALL get the management subnet (which is the trunk port), which now means proxmox lives on the 10.10.10.x management subnet and you can assign vlans within proxmox to each VM. So if you want, you can spin up a homeassistant VM on the 10.69.69.x vlan, and it will then be able to talk to your IoT devices, but nothing else. And you can pass a torrent client the 10.10.12.x vlan, and it can communicate across that subnet, and depending how you set up your firewall rules, maybe it can talk out of that subnet, maybe it can't, up to you...

 

Then you set up truenas as a VM within proxmox. You pass truenas 10.10.10.x, so truenas lives on the management port. You then create SMB shares on both 10.10.11.x and 10.10.12.x with different permissions. This way, VM's within 10.10.12.x (like a VM hosting jellyfin, or a VM hosting a torrent client) can SMB to truenas, but only with those permissions, and only to the /mnt point you have your torrented media on. In truenas on the SMB share shared over 10.10.11.x, you then would be able to use your NAS as a NAS where you can have all your personal files and data like pictures, home videos, documents, etc and be able to access them from devices on the 10.10.11.x subnet, but NOT from the 10.10.10.12 or 10.69.69.x networks since you only expose that SMB share over the 10.10.11.x network.

 

Doing all of this 100% inside of proxmox means you are not really locking things down... you need to move things that have management ability up and away from anything that could infect or alter them. This does take some money though, as you would need a pfsense machine and managed switches and AP's. But I was able to do all of this for about 300 bucks. Use an old PC for pfsense, get a 2 port NIC (1 for WAN, 1 for LAN, DO NOT USE PFSENSE AS A SWITCH), get a few 5 port managed switches from Ubiquiti for ~30 bucks each, and a managed AP or two also from Ubiquiti for ~150 bucks, and that's it.

 

This is a very good guide on how to set it all up, Lawrence systems has MANY great videos on these topics:

 

Something to remember: the torrent client is not the piece of software to be worried about, IoT devices and not well admined Windows machines are the concern here. If you have a windows PC able to reach out and touch your proxmox WebUI, SSH, or truenas WebUI or SSH, and your windows machine got compromised, it could start ransomwaring your SMB share, AND THEN ALSO attack the truenas webUI via stored credentials in your browser and turn off ZFS snapshots, delete previous ones, lock you out of the webUI altogether, etc etc. This is certainly a pretty extreme example, but THAT is what we are trying to protect against here, which is why doing segmentation within proxmox is not enough. You need to protect proxmox itself (and all other things living on the management interface… firewalls, network routing equipment like switches and AP's, TrueNAS webUI and SSH, and any other key infrastructure).

 

Anyways, hope this made sense... trying to convey the entire premise of network security in a single post is not exactly simple. 

 

Another good video that may help explain things a little better:

 

 

🤯

 

 

I was just going to connect it to a TP-Link Omada business router for internet access and call it a day, considering that all the devices on the LAN are kept up to date and malware free.

(Do EOL TP-Link WiFi extenders and Decos count as secure?)

16 hours ago, BoomerDutch said:

Well, you could isolate the downloader and storage together, pluck Plex or alternatives and add a VPN docker inside the isolated island, and open one port on the LAN to the Plex client to watch, etc.

 

Theoretically you'll need Proxmox, put up 3 VMs and voila.

 

Which is

  1. Pfsense
  2. Docker on any distro.
  3. Truenas

Add more if you like; to enhance security, add an extra layer of router and such.

 

Skills needed.

  1. Virtualisation
  2. Networking
  3. Firewall 
  4. Hardlinking
  5. Self vulnerability check.
  6. Know what you're doing
  7. Resistance to mental breakdown.
  8. Linux

🐧

As for the torrents, if I'm running TrueNAS SCALE and I stick the torrents and stuff into a docker container on that, theoretically, if I do get a virus all it would do is kill my media library and force me to torrent everything again, right?
 

I looked into how to torrent stuff and was met with this reddit thread, so if I'm doing the qBittorrent, Radarr and Sonarr thing or whatever (please help me figure out what is the best to do here), how much would I need to worry about security, and how?

 


 


1 hour ago, Indian pc builder said:

I was just going to connect it to a TP-Link Omada business router for internet access and call it a day, considering that all the devices on the LAN are kept up to date and well and malware-free.

(Do EOL TP-Link wifi extenders and Decos count as secure?)

That's perfectly fine. I am just describing how you go about actually setting up a managed network and segregating things for the least chance of getting pwned. For a simple home NAS, what you plan to do is totally fine.
 

1 hour ago, Indian pc builder said:

As for the torrents, if I'm running TrueNAS SCALE and I stick the torrents and stuff into a docker container on that, theoretically, if I do get a virus all it would do is kill my media library and force me to torrent everything again, right?

No, that's what I was trying to explain in my post. It isn't the torrent client that you are worried about, it's the devices that could become infected which could then start to ransomware you. The devices with the highest likelihood of this are honestly your Windows PC or IoT devices.

 

You could end up downloading a torrent with an executable, and if a Windows machine does end up running that, who knows what effect it will have. But that's the same as if you go to a bad website, get a malicious ad, or just open a malicious PDF in an email. From that point on, what the malicious software does is anyone's guess, but it would affect much more than just your torrented files.

 

You need to understand what devices actually can get infected via running malicious code. The torrent you downloaded is not running code; it is low risk. Same with TrueNAS (TrueNAS is also Linux, so any Windows virus wouldn't hurt it anyway), and docker containers are usually Linux-based as well, so the same goes for a dockerized torrent client. The largest threat surface is computers people are using, or IoT devices.

 

Hopefully this makes sense… it’s a big topic that takes some actual energy to learn. Network and cyber security have a lot to them, takes a while to really grasp it all. But for a home setup, you don’t need to worry about this much.

Rig: i7 13700k - - Asus Z790-P Wifi - - RTX 4080 - - 4x16GB 6000MHz - - Samsung 990 Pro 2TB NVMe Boot + Main Programs - - Assorted SATA SSD's for Photo Work - - Corsair RM850x - - Sound BlasterX EA-5 - - Corsair XC8 JTC Edition - - Corsair GPU Full Cover GPU Block - - XT45 X-Flow 420 + UT60 280 rads - - EK XRES RGB PWM - - Fractal Define S2 - - Acer Predator X34 -- Logitech G502 - - Logitech G710+ - - Logitech Z5500 - - LTT Deskpad

 

Headphones/amp/dac: Schiit Lyr 3 - - Fostex TR-X00 - - Sennheiser HD 6xx

 

Homelab/ Media Server: Proxmox VE host - - 512 NVMe Samsung 980 RAID Z1 for VM's/Proxmox boot - - Xeon e5 2660 V4- - Supermicro X10SRF-i - - 128 GB ECC 2133 - - 10x4 TB WD Red RAID Z2 - - Corsair 750D - - Corsair RM650i - - Dell H310 6Gbps SAS HBA - - Intel RES2SC240 SAS Expander - - TrueNAS + many other VM's

 

iPhone 14 Pro - 2018 MacBook Air


1 hour ago, Indian pc builder said:

As for the torrents, if I'm running TrueNAS SCALE and I stick the torrents and stuff into a docker container on that, theoretically, if I do get a virus all it would do is kill my media library and force me to torrent everything again, right?

I looked into how to torrent stuff and was met with this reddit thread, so if I'm doing the qBittorrent, Radarr and Sonarr thing or whatever (please help me figure out what is the best to do here), how much would I need to worry about security, and how?

To clarify first, Docker support has been dropped by TrueNAS SCALE since the 23.10 release, and replaced by k8s-based Charts apps instead. Although the malicious stuff may not be activated in the container or on the server itself, it can be invoked by other clients (most likely Windows PCs) and affect the server thereafter, just as @LIGISTX said.

 

Additionally, keep an eye on news about vulnerabilities in torrent clients. You might have noticed a critical vulnerability discovered in the qBittorrent 4.5.0-4.5.1 Windows version, and another described in the U.S. vulnerability database in qBittorrent <=4.5.5, both of which could allow attackers to inject arbitrary code and do anything they wish. You may need to upgrade the clients immediately to mitigate these issues.


@LIGISTX cheers for providing valuable information 

 

Fortunately I don't need it now because I'm not planning to deploy any time soon.

And I'd never use windows anyways.

 

Quote

Now, depending on how difficult you have made things, yes, you can virtually route all of your VMs through a virtual pfSense, and put them behind a firewall and behind NAT from your 192.168.1.x network... but this is sort of an "annoying" way to do things. I think that is what you are saying you did, but that isn't really "the right" way to do it. It isn't "wrong", but it makes it much more difficult to manage since you can't admin any of the VMs that live within Proxmox from your main PC, which is on the 192.168.1.x subnet.

Yes, it's true that for some people it's an annoying way of doing things.

However, I've made a smol Linux desktop with one browser and attach a virtual network to any of these VMs, and most of the time I've implemented an auto reboot cycle and update cycle; if the whole thing fails it just loads my configuration and reinstalls itself.

So I usually don't need to change the smol Linux and keep it attached to the web GUI I use.

 

Quite fascinating if you tell me.

 

🧑‍🔧

 

Thanks, looks like my next project of tinkering is with VLANs; gotta crack my skull open and dump all that valuable information.

 

An OpenWrt router should be fine to start with, then pfSense after?

 

Kinda a pain to spend more money on a router.

 

3 hours ago, Indian pc builder said:

As for the torrents, if I'm running TrueNAS SCALE and I stick the torrents and stuff into a docker container on that, theoretically, if I do get a virus all it would do is kill my media library and force me to torrent everything again, right?

 

I looked into how to torrent stuff and was met with this reddit thread, so if I'm doing the qBittorrent, Radarr and Sonarr thing or whatever (please help me figure out what is the best to do here), how much would I need to worry about security, and how?

 

Yes, all you have to do is kill your library and rebuild, then redownload the stuff you lost.

 

However, do shut down the network and check logs/scan your devices to see if you're infected or not.

 

It's not fun, but you know it's a must.

 

However, you can reduce getting attacked by choosing a trustworthy source through research.

 

I cannot help you build one since it's against the holy grail of forum rules.

 

However, you can easily find YouTube videos about it. Plenty of YouTubers have made guides about it, and I've learned from them and made it.

I'm a jank tinkerer; if it works, then it works.

Regardless of compatibility 🐧🖖


  • 2 weeks later...

Windows is typically a much easier target than a properly configured NAS/server.

 

For me, Windows is for gaming only. Any web downloads/visits use Firefox with uBlock Origin and NoScript.

It is usually to download drivers.

 

TrueNAS has snapshot options in case Windows gets something nasty & messes with your files.

 

 

 

Main Machine: CPU: 5800X3D RAM: 32GB GPU: RTX 3080 M/B: ASUS B550-E Storage: 2 x 256GB NVME boot, 1/2 TB NVME OS: Windows 10, Ubuntu 22.04

Server1: M92p micro CPU: i5-3470T RAM: 8GB OS: Proxmox Virtual Machines: Opnsense router, LXC containers: netboot server, download manager

Server2: CPU: 3600X RAM: 64GB M/B MSI B450 Tomahawk OS: Proxmox Virtual machines: Windows 10, 3 x Ubuntu Linux, Truenas scale (16TB logical storage)
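A snapshot-coverage check, as an added example that is not code from any poster in this thread: it parses `zfs list -t snapshot` output and flags datasets whose snapshots have stopped or vanished, which is exactly the tampering LIGISTX describes (a compromised client with saved NAS credentials disabling snapshot tasks or deleting old snapshots) and the reason the snapshot advice above only helps if the snapshots survive. The dataset names, timestamps and thresholds are constructed; run it from a host the share clients cannot reach.

```python
"""Audit ZFS snapshot coverage from `zfs list` output (added example)."""
import subprocess
from collections import defaultdict

# Constructed sample of `zfs list -t snapshot -H -p -o name,creation`:
# one snapshot per line, tab-separated, creation as a Unix timestamp.
SAMPLE_ZFS_OUTPUT = """\
tank/media@auto-2024-04-18_00-00\t1713398400
tank/media@auto-2024-04-19_00-00\t1713484800
tank/docs@auto-2024-04-10_00-00\t1712707200
"""
NOW = 1713571200  # constructed "now": 2024-04-20 00:00 UTC


def parse_snapshots(text):
    """Map dataset -> sorted list of snapshot creation timestamps."""
    by_dataset = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        name, created = line.split("\t")
        dataset = name.split("@", 1)[0]
        by_dataset[dataset].append(int(created))
    return {ds: sorted(ts) for ds, ts in by_dataset.items()}


def audit(snapshots, expected_datasets, now, max_age=36 * 3600, min_count=2):
    """Return {dataset: finding}; an empty dict means coverage looks healthy.
    'missing': no snapshots at all.  'stale': newest one is older than max_age
    (snapshot task disabled?).  'thin': fewer than min_count kept (old ones
    deleted?)."""
    findings = {}
    for ds in expected_datasets:
        ts = snapshots.get(ds, [])
        if not ts:
            findings[ds] = "missing"
        elif now - ts[-1] > max_age:
            findings[ds] = "stale"
        elif len(ts) < min_count:
            findings[ds] = "thin"
    return findings


def live_zfs_output():
    """Read the real snapshot list on a ZFS host (not used by the sample run)."""
    cmd = ["zfs", "list", "-t", "snapshot", "-H", "-p", "-o", "name,creation"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    snaps = parse_snapshots(SAMPLE_ZFS_OUTPUT)
    print(audit(snaps, ["tank/media", "tank/docs", "tank/backups"], NOW))
```

Pair it with a cron job that alerts when the result is non-empty; a dataset flipping from healthy to "stale" or "thin" is worth investigating before trusting a restore.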


On 4/18/2024 at 9:53 PM, BoomerDutch said:

@LIGISTX cheers for providing valuable information 

 

Fortunately I don't need it now because I'm not planning to deploy any time soon.

And I'd never use windows anyways.

 

Yes, it's true that for some people it's an annoying way of doing things.

However, I've made a smol Linux desktop with one browser and attach a virtual network to any of these VMs, and most of the time I've implemented an auto reboot cycle and update cycle; if the whole thing fails it just loads my configuration and reinstalls itself.

So I usually don't need to change the smol Linux and keep it attached to the web GUI I use.

 

Quite fascinating if you tell me.

 

🧑‍🔧

 

Thanks, looks like my next project of tinkering is with VLANs; gotta crack my skull open and dump all that valuable information.

 

An OpenWrt router should be fine to start with, then pfSense after?

 

Kinda a pain to spend more money on a router.

 

Yes, all you have to do is kill your library and rebuild, then redownload the stuff you lost.

 

However, do shut down the network and check logs/scan your devices to see if you're infected or not.

 

It's not fun, but you know it's a must.

 

However, you can reduce getting attacked by choosing a trustworthy source through research.

 

I cannot help you build one since it's against the holy grail of forum rules.

 

However, you can easily find YouTube videos about it. Plenty of YouTubers have made guides about it, and I've learned from them and made it.

Discord then? Also, about the pfSense thing: I was planning to use a TP-Link VPN multi-WAN router to do all of this.


 


12 minutes ago, Indian pc builder said:

I was planning to use a TP-Link VPN multi-WAN router to do all of this.

Why multi WAN?

 

I suggest doing a bunch of research on networking to understand how network security works. Learning some network security basics would help your understanding a lot… 

 

Personally I like Lawrence systems on YouTube, but there are many great options. Give them a watch. Learn about subnets, firewalls, vlans, how to segregate IoT devices. These topics will help build a mental understanding of how network attacks work and what you need to protect against. 


