NAS security

Hi All,

Hello. This is a great and friendly forum, lots to learn from you guys! I'm a bit of a newbie here, so please be gentle...

I'm looking into securing my data and anonymizing, as much as one can, my online presence after all that NSA/GCHQ/PRISM stuff going on. I'm actually quite frightened by all this!

Done a bit of research into VPN and Tor and will probably set up a new machine with Debian and VMs early next year. In the meantime I'm trying to work out if there's any other potential hardware in my chain that is buggy/backdoored/potentially leaking.

I have an Acer RT-N66 Dark Knight router behind a Virgin Cablemodem, and a Seagate GoFlex NAS 'always on' drive, hooked up via Ethernet. This drive is pretty convenient for me since I do a lot of work on the go and rather have all my data on this than in the cloud. I currently access it via https on the seagateshare.com website, although I'm pretty sure I could 'dial in' to it directly.

My rather vague question now is: does anyone envisage any problems or potential security risks associated with accessing the NAS from outside my home network? Just how secure are these drives anyway? Is SSL still secure? (I heard a lot of scaremongering lately that even this has been compromised.) What precautions need I take? Does anyone have a similar setup? Or do you think it's a stupid idea to have such a drive in the first place, since its contents are not even encrypted?

Any thoughts are appreciated!

 

Making your NAS box available through that Seagate website is the biggest risk. It would be far safer to access your LAN through VPN. However, it seems that the RT-N66U only supports PPTP, which is hopelessly insecure. I do see that it supports OpenVPN with Merlin firmware <-http://blog.bertelsen.co/2013/04/asus-rt-n66u-with-openvpn-server.html->. But that would entail reflashing the router.

Using an old PC plus a NIC card, you could have a pfSense router/firewall. It's easy to set up an OpenVPN server (with certificate-based authentication) on pfSense following this how-to <-http://openvpn.net/index.php/open-source/documentation/howto.html->. That would only work if your ISP enables opening server ports. You could get around that by using a VPN service that allows port forwarding, and then tunneling your private VPN server through it.

Encrypted drives are only encrypted when they're off. But encryption would prevent thieves from accessing your data (unless they were smart enough to do so while the drive was running).

 

Hi mirimir,

Thanks for your quick response, I've added this to my list. I actually got through to this site via your great in-depth guide at IVPN. If only more people would care about all this stuff!

 

Welcome

I'm sure that many care, but most secure solutions are too much work, and most easy solutions have too many holes.