NASLite Network Attached Storage

Yes, we love NASLITE for simplicity ...that means no configuring permissions/shares etc.

But how to safely expose your NAS box outside the LAN ?

A convenient workaround (and again the same philosophy of keeping it simple and functional) is to provide access to the shares using a ABYSS Web server. This brilliant web server runs under WinXP and is truly tiny in memory footprint and resources (a couple of MEG in memory size loaded)

Just setup some alias (eg music, docs, vids) and point them to the NAS server or subfolders. Then add in the permissions and you now have password secured web access to your NAS box/s.

eg http://www.mywebserver.com/vids can prompt for user/pwd before accessing the folder that "vids" points to on the NAS box.

By default the web server will list files without need for an index.htm file. Or create/mod a template to display listings.

http://www.aprelium.com/

There is a free version and an advanced version. SSL/HTTPS etc is functional.

Just configure yr router towards the PC running the webserver and also configure dynamic domain names as required. (eg http://www.dyndns.com)

Addendum.

If the Aprelium web server is configured to run as a Windows Service (instead of "Automatic Start on User Logon" or "Manual") then the network shares won't be accessible/configurable in Aprelium as these aren't available until User logon.

Symptoms are that when you go to configure Aliases that the network drives are not visible. Can prob fix by reconfiguring for Shares avail before logon but I have no need to configure/test this.

In summary (Windows XP):

In Windows Explorer:-
MAP a drive letter to a network share (either a disk or a particular folder):

eg:
Z: to \\NAS\Disk-0\ (ie the root folder of NAS Disk-0 )
Y: to \\NAS\Disk-1\Movies (ie an existing folder on NAS Disk-1 )


In APRELIUM Web Server (Web Console config):-

2) Configure an ALIAS for the mapped drives in Aprelium Wev Server
eg
Virtual Path /disk0 Real Path : Z:\
eg.
Virtual Path /nasmovie Real Path : Y:\

The " / " and " \ " are important!

3) Setup security for the aliases

a) "Users And Groups"

Add name/s under USERS
name and password etc etc.

b) "Access Control"
ADD for password protected Virtual Path...

browse..."select" eg nasmovie or

Realm..<any text ..eg movies>

Order "Allow/Deny"

Allow for and tick the boxes of the users and/or groups.

That's the basics for password-protected access to NAS shares via a server on an XP machine.

Plus of course opening a port on the router to connect to the Aprelium server on the XP machine (NOT the NAS box).

Sounds all fine until you consider that it is running on a windows XP box. XP is not known for it robustness in regards to security. I would be less than likely to use it as the basis for a web share of my NAS box. I like my data where it is, the best way to get to your data while on the road is via a VPN or a dedicated, locked down web server running on the likes of Linux or UNIX. All it takes is a root kit and you are OWNED and will likely not even know that they are there.

Mike

I agree with your sentiments re: relative security.

Everything is relative and whilst VPN may be preferable/advantageous, frankly it doesn't suit all purposes (eg accessing via a mobile phone).

"the best way to get to your data while on the road is via a VPN or a dedicated"

I'd suggest "best" be changed to "more secure"...you don't consider what my requirements are.

The topic covers a straightforward means of password-protecting the NAS box using the tools commonly at hand....not ideal...not in a secure server farm and I also don't have a rottweiler patrolling the fenceline (the fluffy cats that get hungry...that's another matter beware anyone that breaks in without bikkies ).

I'm also not dishing out the files to all..just personal use/friends *** on an adhoc basis ***.

As an aside, Aprelium has features to deter hacking attempts...http://www.aprelium.com/abyssws/features.html

Whether or not the XP box has Aprelium installed, the susceptibility to rootkits/trojans already exist for any client on the LAN, potentially exposing NAS shares from the LAN.

Likewise a poorly configured linux box or mainstream web server package is also a risk...or even one not fully updated/patched or a popular target for hacking.

Ultimately, pulling every cable from the NAS box (including power) and upgrading the hungry fluffies to aforementioned rottweiler's would also achieve greater security at the expense of functionality.

But given the requirements this is one solution that provides "adequate" security to share Naslite beyond the router and front door. A topic that is often raised re: NASLITE..."how do I password protect my shares."

PS> considering the term "rootkit" came originally (and still applicable) from the UNIX world I think that also demonstrates that security can never be considered absolute.

Agreed.

I would point out that when I said a server based on Linux or UNIX I mean a single application running on the machine with full patches and EVERY service not needed turned off and removed. This is just about as secure as one could get. I guess if you are looking to stream your audio files to your cell phone then you have few options at hand. It just scares the s#!t out of me thinking of the holes one opens when you share your NAS in the way you describe. I guess it comes down to acceptable risks.

Mike