Consumer NAS vs. File & Printer Sharing for security

Discussion in 'other security issues & news' started by Devinco, Jan 10, 2006.

Thread Status:
Not open for further replies.
  1. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Is a consumer grade NAS more secure than file and printer sharing on a Windows XP Pro LAN? Why?
    What are important security features to look for in a NAS?
    Can you recommend a good NAS in the lower price range that would still have useful security features?
    Is there a NAS that you can add your own hard drive to?
    If one wants to use a NAS, do you have to enable Client for Microsoft Networks or File & Printer Sharing on the individual computers? If you have to enable these just to use it, then there is less of a point to use a NAS for security.

    Thanks
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hi,
    What do you mean by NAS?
    Mrk
     
  3. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Mrkvonic,

    I mean Network Attached Storage. The way I understand it, it is a self contained device that does not need to be connected directly to a computer.
    It contains a hard drive and is plugged into the LAN through an Ethernet connection (they also make wireless models, but I am interested in the wired kind). This network attached hard drive is then available for file sharing purposes. I haven't used one before so I want to get other people's security advice.
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hi,
    Can't help you there, sorry :)
    Mrk
     
  5. diginsight

    diginsight Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    225
    Location:
    Netherlands
    My definition of consumer grade NAS is everything below $ 500.

    Security is as good as the person who configures it. There are various OS for consumer grade NAS: Linux, Windows CE or XP Embedded and maybe more.

    I guess the NAS is more secure than a default Windows XP Pro, simply because it doesn't offer as much functions, has less services running. With Linux most NAS use Samba. If there's a vulnerability in Windows XP it will be fixed, but what if there's a vulnerability in the NAS software? On the other hand the chance of someone targetting a consumer grade NAS is very small. With the Linksys NLSU2 based on Linux you can install a custom Linux builds. This is what I like about Linksys, because as with the WRT54G wireless router I can install Linksys firmware or choose other Linux build like the one from Sveasoft. OTOH the transfer speed of the Linksys NLSU2 is not very high.

    First and most important to me is the ability to offer RAID1 support. Some NAS offer internal RAID1 and others offer RAID1 trought external USB. If you don't want to loose 250GB after the harddisk crashes, consider RAID1. If you can afford to loose the harddisk or need the maximum throughput and RAID1 is only supported on an external harddisk then RAID1 is less important.

    Some NAS offer the option to schedule backups.

    Support by the manufacturer or Open Source community if you want to be able to patch vulnerabilities.

    Most important for me, but not in particular for a consumer NAS is Windows domain support. AFAIK for most NAS the username and password have to be equal to the username password of the Windows PC accessing it so that the Windows PC can automatically login to the NAS with the same username/password. A NAS with Windows domain support can take advantage of all the security features Active Directory has to offer. For me this is an issue, because I'm running Windows servers at home. But this features comes at a price.

    The file system used on the disk. It can support FAT32, NTFS and EXT3. Not every file system is fully supported on every NAS. Some only support it as read-only or on the internal harddisk, but not on an external harddisk.

    Almost forgot to mention heat dissipation. You don't want the harddisk to be damaged by overheating. The SimpleShare uses the metal case for heat dissipation, so you have to make sure you don't store it in a closed cabinet.

    Not a security feature, but very nice is an idle timer for the harddisk to spin down when it's not accessed. This way you can always leave the NAS running without it using much power. And a nice bonus is a power cord instead of a 12V adapter. With power cords I can connect it to my UPS in case of spikes or power outage. Those adapters are already cluttering my power outlets while I still have unused connectors on my UPS.

    My preferred 'consumer' NAS is the SimpleShare, but for now I'll just use my Windows XP box and external USB harddisk for sharing data. There is an excellent NAS review on the SimpleShare website, but it's in German. Next to SimpleShare comes the Buffalo Linkstation and LaCie Ethernet disk mini. Take a look at the NAS reviews on http://www.tomsnetworking.com/ and http://www.amazon.com Also search Google for what the Linksys NLSU2 has to offer. Next to these there are dozens other NAS, like for example the Ovislink Storage Media .

    Most imporant: make a small selection of NAS you are interested in, review the online NAS manuals to see how the NAS works, what it's capabilities are, send a e-mail for more information to get an idea how good the support is, review the user interface and determine if this meets your demands. Using this procedure I selected the SimpleShare, but I'm still not prepared to invest € 340 in a 250 GB NAS.

    You don't need File & Printer Sharing to access a NAS, but you do need Client for Microsoft Networks as this includes the workstation service required to access network devices.

    This all depends if are behind a router/firewall or are directly connected to the Internet.

    Otherwise consider using a Linux NAS which supports NFS, but I never used NFS on Windows XP and don't know what the client requirements are.
     
    Last edited: Jan 11, 2006
  6. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    diginsight,

    Thank you for all the advice on this.
    It is definately appreciated, and will help me to make the right choices.

    :cool:
     
  7. cdr

    cdr Guest

    i htough u meant NAS as in the emcee. :p
     
Loading...
Thread Status:
Not open for further replies.