NAS Security

Nem · March 13, 2015

I have a NAS set up with Windows 8, and its running things like owncloud, plex, backups and just general storage for the local network

I have a dynamic dns set up and I forward a bunch of ports for things like owncloud that need remote access to that machine

Recently I've been thinking about security and wondering what steps I should be taking to make the system more secure. I want to make it as difficult as possible for anyone to actively, or passively, get access to the contents of my system. For example, is forwarding so many ports generally a bad idea?

How do people generally secure a NAS when remote access is required?

Also, how does one encrypt all the data on the drive? And if everything is encrypted, does it all have to manually decrypt with a password before using it (i.e. each time I try to access an individual file from the NAS I'd have to type in a password)?

Jade · March 13, 2015

The more things you have running on a machine, the more vulnerable it is. The key to keeping a machine secure is to make the potential points of access as few as possible. Don't forward unnecessary ports, either. Most people just use a VPN to remotely access the network and connect to the NAS from there, as it requires a full on login to access the network.

Typically encrypting a drive just requires you to type a password in before booting.

Nem · March 13, 2015

So I've cut down the number of forwarded ports to 5. Is it safe to forward port 80 for a webserver?

nothing else is open and I assume my windows firewall will be blocking everything else?

Are there any methods, other than a vpn, to securing up a NAS from outside access?

Darren · March 14, 2015

So I've cut down the number of forwarded ports to 5. Is it safe to forward port 80 for a webserver?

nothing else is open and I assume my windows firewall will be blocking everything else?

Are there any methods, other than a vpn, to securing up a NAS from outside access?

Stop it from forwarding ports on the router via. uPnP.

Like Jade said, use a VPN to access stuff remotely. Most NAS vendors have had a fairly terrible history for vulnerabilities with the exception of QNAP.