NASLite Network Attached Storage

Ok so I managed to get remote FTP working last night but I have a security question for you all now! When I ftp via a command tool, it asks for a username and password. Username is anonymous but it apppears that the password can be anything you like! Also when I use my browser and ftp://86.x.x.x, it just shows all the disk without any log in at all! Isn't this a bit dangerous if someone happens to find my IP? For the time being I have disabled it until I get some answers!

Perhaps it's time for you to take a look at the manual heh?

I have read the manual so I've obviously missed something? Can you point me to the page which allows me to set up ftp access restrictions please?

First paragraph of the manual titled "What is NASLite-2" clearly states that there is no user management.

OK thanks. I was looking throught the FTP pages! So basically remote ftp is a non starter if you want any sort of protection!

There is no security on NASLite at all except for the admin password that can be changed. FTP never has been very secure.

Mike

"FTP never has been very secure. " I think that is an understatement! You mean totally unsecure! I wonder how many NL users have mistakenly allowed access to their box via ftp without knowing it's wide open to all and sundry as long as they know your internet IP?

The very first thing you would want to do after setting up any sort of NAS is to put the appropriate settings in your firewall to block all external (WAN) traffic into your NAS.

Consult the documentation for your particular router/firewall on the correct proceedures for doing this.

AND DO IT NOW!

Only takes about 5 minutes of unprotected exposure to the big bad Internet to get a virual visit these days.

A properly designed and configured firewall will block all incoming traffic unless specifically permitted.

Even your basic consumer grade broadband router with NAS and no firewall does this - by virtue of the fact that it has no internal ip address to forward the incoming connection request to.

Any security issues that may have occurred are more likely to have been caused by inexperienced users taking steps to make the NAS server available over the internet rather than inaction.

To repeat fordem’s post,

In order to make NASLite-2 content available to clients outside of your immediate LAN, two things need to happen. First, you’ll have to explicitly route a port to your non-routable NASLite-2 IP at your firewall. Second, you’ll have to provide a valid gateway as part of the NASlite-2 configuration.

That said, there should be no misunderstanding about what will expose your data and what will not. By default, NASLite content is absolutely safe and invisible to outside clients.

Unless NASLite-2 is properly set to export content to the WAN, it is more likely that files stored on the NASLite server will be compromised by a compromised client rather than NASLite itself.

If you are not sure about what you are doing, exporting NASLite content to the WAN is probably not a good idea. That is true for NASLite as well as any other file storage facility with or without built-in security.