5

I've seen this question about NAS security over the Internet and I'm wondering how safe the thing is in LAN?

I'm planning on replacing my old, desktop Windows-based PC with a NAS, I was thinking about something like WD My Cloud 2 TB or if it will be worth maybe Synology DS216j, anyway I'm kind of scared of the whole idea.

My network is almost always used via wi-fi (two Macbooks) and I'm scared that someone eventually will break to my network (which is not really that tricky considering wifi is always on) and will be able to access the NAS or even wipe its drive, or encrypt it. Surprisingly I feel quite safe with my Windows-based PC because my machine is almost never turned on, it's always up-to-date and I don't even share any drives over the network (i just turn it on if I want to access the files).

I'm not planning to access my NAS over the Internet, it will be only used locally, behind the router, but still, I don't feel really safe about the idea, I'm going to store quite important stuff there, like pictures and videos from many trips, documents etc. There will be backup in place, but I still don't want anyone to have access to it.

I'm wondering if it's possible to make NAS really secure in my LAN? I was thinking about that and the best idea I came up with is enabling access to the NAS only for computers connected directly to the network (using RJ45 cable) not the wi-fi ones, but can NAS really tell you're a wi-fi client (after all it's connected via cable to router)? Any other ideas? Or maybe I'm panicking over nothing?

Community
  • 1
Wordpressor
  • 153
  • 1
  • 5

1 Answers1

1

The Synology NAS's are very cool. I've just doubled the RAM on my 412+ as I tend to run too many services on it.

It is, of course, possible that someone could break into your Wi-Fi and then into the NAS and do nasty things. However, if you have a well set up Wi-Fi and have configured the NAS with decent security (e.g. on the Synology, I use the internal firewall to ensure that no unencrypted connections are allowed) then the risk is minimal.

In fact, it is statistically far more likely that you will be burgled, have a fire or flood or even earthquake (well maybe the latter only in certain regions)! So the main problem is one not related to a NAS but rather related to having valuable data at home. Loss through one of these or through disk failure is vastly more likely than a Wi-Fi hack for the majority of people.

So no matter what you are using to serve up your precious files, you really must also use off-site, secure backups. An advantage of at least some of the Synology devices is that you can persuade them to run Crashplan which generally remains the cheapest secure cloud backup if you need more than a few 10's of GB. They can also connect to a wide variety of alternatives including other Synology or other remote backup devices.

As mentioned, the Synology software includes an internal firewall which is easily configured to restrict connections from specific source addresses if you want to do that, it will add a little extra protection though honestly is almost certainly more hassle than it is really worth.

If you want to restrict to wired only connections, you will need a way to either limit the IP addresses of wired connections (through manual setting or DHCP fixed addresses depending on your router) or a way to put Wi-Fi through a separate VLAN. Either of these options will depend on having a decent router.

In general though, if you have a backup and set sensible defaults on the NAS (decent user passwords, encrypted connections only), that should be more than enough unless you live in a particularly vulnerable location or have particularly sensitive files.

Final note: I am not familiar with the WD NAS's only the Synology's.

UPDATE: For the specific requirements you've mentioned, the Synology would be an excellent fit I believe (possibly a QNAP device and others as well but I can't comment on those I'm afraid). Any of the NAS's will give shared drive access from Mac, Linux and Windows with the restrictions you mention. Certainly the Synology will let you set up any number of "shares" (shared logical drives) all with different security. You might also want to set up users on the NAS so that you can give different access to different people. Otherwise you just set up yourself and a guest account.

However, I recommend you work out how you will backup the data before you invest in the device.

The smaller NAS's are OK for simple use but may restrict your options for backup. Crashplan for example is a bit of a memory hog so you will struggle to back up >0.5TB on the smaller devices. To get round that, you should split your backups and run them on a rotating schedule (which the Crashplan client allows you to do).

Julian Knight
  • 7,092
  • 17
  • 23
  • Thank you so much, I generally need something to be accessible from both Windows and OSX/Linux machines via "My network places" with rights to read for everyone and write only for my main Mac, is it doable with Synology? I'm not planning to run any services on the NAS, I don't think I will need any UI for it (I will setup the firewall and that's it I think). I'm planning to use it as a dead-simple storage. I'm looking at 256 mb and 512 mb ram versions of Synology, I hope especially the 256 mb one (DS115j) won't be super slow because of that. – Wordpressor Sep 18 '16 at 22:36