NASLite Network Attached Storage

First of all, NASLite and NASLite+ are great products. Very usable in most situations. However, I was wondering if it would be possible to add some type of Global (Per Server) password?

If the primary function of NASLite+ is to use it as a workgroup server, then consider the following:

You have a company that has many departments...you need a quick additional server for a major project (one department). NASLite+ is a perfect solution, however, everyone in the company can access it, instead of just the intended users.

I realize that it's not a REAL Security solution, but as a deterrent, would be extrememly helpful.

Thanks

You make a very valid point, however consider this - As it stands NASLite+ content is accessible from virtually any TCP/IP enable OS from legacy DOS/UNIX implementations to the latest releases of OS X, UNIX and Windows.

Implementing easily manageable security requires a LOT of background code (LDAP being the most versatile) and may reduce compatibility especially with legacy systems. Even versions of Windows differ in access approach (clear text vs. encrypted passwords) thus forcing users to choose one or the other.

In the short term one thing that one may do to somewhat emulate inter-departmental security is to place each department on a different subnet. Take a look at this post:

http://www.serverelements.com/phpBB2/viewtopic.php?p=646

Anyway, just some thoughts...

This leads to an interesting question. Would it be possible for someone who had compromised the security of a network to actually take control of a NASLite server and use it as a point of attack for other machines? For example... I have three machines on my network, two PCs and a NASLite box. Assuming that the PCs are sufficiently locked down with good passwords, let's say someone manages to get on to my wireless network (not too likely, since I have implemented security on my router, but for the sake of argument). If they find my NASLite server, of course they have access to my files, but can they compromise the server itself and use it to run code, etc?

The short answer is NO.

If you have the NASlite server on a non-routable IP such as 192.168.x.x, there is no way for the NASLite server to be compromised since it makes no requests and is invisible to the outside. If for some reason the NASlite server is configured with an external IP, the files will be visible to the outside, but compromising NASLite in terms of functionality is not possible. It simply has no such facilities included as part of the OS. There is virtually no way that NASlite can be used to initiate action against other machines on the network.

In almost all such scenarios it is a compromised desktop that causes the problem.

Hope that helps

Thanks, Tony... that was EXACTLY what I thought (nothing included in the distro that could actually be controlled), but I didn't want to assume something and then later find out that I was wrong. To me, the lack of any way the machine could be turned into a zombie is actually a major security PLUS.

ok, probably been asked a 1000 times already..

if i wanted my nas available publicy via http - how can i apply a password to prevent EVERYBODY from downloading from it as i'd like to keep it for certain users only.

hello mikos,

The simplest way to do this is to use another machine to aid you. Basically you set up a normal pc to share on the web, you put in the proper security(spelling?) you desire, then you point the share of the server to actually be the Naslite server.

Things to mention is all traffic now goes through your pc and your normal pc obviously needs to be on to make the webserver function.

But I believe this is the simplest way to do it.

If you were the creator of the software it would be easy to make the necessary changes, but most settings on the software are keep hidden in the compiled verison, you would need alot of knowledge to do so.