how can NAS work if it is not connected to Internet?

I was reading the reviews for a NAS backup solution: Western Digital 4TB My Cloud Home Personal Cloud Storage - WDBVXC0040HWT-NESN. I am referring to the this review on the product that criticized the solution on the basis that it wouldn't work without being connected to the Internet. The idea was that it should be possible to disable connectivity to prevent the backup device from being hacked remotely (and, presumably, added to a botnet).

I'm not very familiar with network hardware so this didn't make much sense to me. For the backup to work from a laptop to the NAS device, some sort of connectivity would obviously be needed. The device is presumably plugged into the router using an Ethernet cable, and the data flow presumably goes either laptop->router->NAS or laptop->router->some_server->router->NAS. Is the idea that the former should be possible but that the device is in fact doing the latter?

I realize that it might be hard to judge this device from afar without using it yourself, but your best guess as to what's going wrong with this device would be helpful.

Stephen

Posted 2018-09-18T17:13:28.547

Reputation: 635

1From your link - "Question: Can this be connected to a local network without an internet gateway? Does this require an internet connection to function locally? Answer: You can use it locally once it's set up. To set it up initially you need the internet and to manage it you need the internet as well, for example to determine the drive space available and firmware updates. Once you set up the shares, they'll work locally by themselves." - What's the problem? – AFH – 2018-09-18T17:26:15.910

I guess the problem is that it's sort of a he said she said, since the other person is saying you cannot turn off Internet access and have it still work. I don't really understand enough about NAS to know which of these people to believe, so I had been hoping for background knowledge that would let me do that. Which makes my question pretty vague and broad, I admit. I do find the answers here so far to be helpful. – Stephen – 2018-09-18T17:41:03.347

Possibly one way to resolve the conflicting reports is that the shares might work locally, but there still might not be a switch you can use to remove the device from the Internet (so it might still be available to hackers even if you're not using the Internet features). Just guessing. – Stephen – 2018-09-18T18:02:40.280

You should be able to deny internet access to the NAS in your router settings. – AFH – 2018-09-18T18:18:36.547

I found the answer in their support manual. I can't quite tell but it seems like all files might be sent over the Internet which would make it useless in local mode: "My Cloud Home devices must be connected to the Internet. They should be connected to an available router through the included Ethernet connection. (This is not a Wi-Fi® device.) Gigabit capability for the router or switch is recommended to maximize performance. The router requires a Broadband (WAN) Internet connection with an Internet Service Provider (ISP) for initial setup, software downloads and for accessing the device" – Stephen – 2018-09-18T18:22:06.573

Are you aware that not all networks are connected to the Internet? For example, if there's a storm and your internet line breaks, the computers in your house can still talk to each other? – user253751 – 2018-09-18T23:22:03.187

@Stephen: Hmm, that sounds like it comes with some kind of Dropbox-like "sync" app for computers, which ... well, the requirement would make some sense with that. However, I would practically bet that it is not the only way of accessing the NAS. Take the previously mentioned SMB protocol, for example – nearly every NAS supports it, and it is 100% local. As is FTP, and NFS, and SFTP, and AFP. The quoted manual merely attempts to cover all bases, so to speak. – user1686 – 2018-09-19T04:39:48.687

Well, even Western Digital says this is not a NAS: "It is important to know the My Cloud Home is designed as a Personal Cloud device and not a NAS (Network Attached Storage) device."

– Dubu – 2018-09-19T12:50:13.537

A security problem with the My Cloud devices was revealed today, e.g. in The Register: 'I am admin' bug turns WD's My Cloud boxes into Everyone's Cloud.

– Andrew Morton – 2018-09-19T13:46:56.893

Thanks @AndrewMorton. Shudder, this is the second time they've had security flaws publicized just in 2018. Last time was for the precursor to My Cloud Home. – Stephen – 2018-09-19T16:22:56.510

Be careful of that SAN. I believe they require you to have an online account. They don't explain why it is needed, and there's no telling what they take from you with that account. I took the one I purchased back after I could not get through setup. I built my own using Linux, a spare machine, and an inexpensive SATA RAID card. – jww – 2018-10-11T07:11:39.463

Answers

The Ethernet ports in your router are just a switch, basically. The home network does not need internet to work internally. The router will still assign IP addresses, if the option is enabled and the network will still work. You just cannot connect to the internet or to your router from the internet. This is why a NAS like this will still work, but only on your internal network, which means only via WiFi provided by said router and from devices connected via Ethernet (LAN) cable. No access from the internet will be possible. This includes phones not connected to the internal WiFi.

NAS means Network Attached Storage, which means, that the device is, in it's essence, a small computer with a connected hard drive. So all the storage remains locally and is, normally, not uploaded to the Internet, unless configured otherwise. The NAS is sharing access to the device via network folders and, most commonly, uses the SMB Protocol. Most NAS also provide other means of access, such as File Transfer Protocol (FTP) and various others.

If this NAS is not allowing usage without Internet Access, then it is a serious flaw that should not exist and flat out a bad product. It is essentially doing what is commonly called "phoning home".

BadSnowflake

Posted 2018-09-18T17:13:28.547

Reputation: 648

Thanks for your answer, upvoted. I think unfortunately I'll have to buy this product anyway, because the more "pro" NAS solution's I've found are far more expensive (this is only $160), out of my price range. It's a shame though. – Stephen – 2018-09-18T18:26:53.343

2@Stephen DS115j from Synology costs $109, you have to buy a HDD though. Add a NAS HDD, which means it is made for running 24/7, such as WD Red, Seagate Iron Wolf or Toshiba N300 in the size of your choice. It has only 1 bay, but for a home nas, this is good enough. But it should come out at roughly the same price. It is a very advanced NAS, even offers SSH access and packages to install such as GIT or Apache etc. – BadSnowflake – 2018-09-18T18:55:30.773

Thank you @BadSnowflake, I will definitely take a look. Would you say it is secure? As in, can I basically disable Internet access so that it avoids the problems posed by this other device we are talking about? – Stephen – 2018-09-18T19:15:23.423

@Stephen Yes, you can completely disable internet access, but then you may not be able to run system updates. The issue with the WD offering you originally linked isn't that it can access the internet, it's that it can only be managed by a remotely hosted web application (IOW, you can't log in locally and reconfigure anything). The Synology offerings provide a native locally hosted interface ofr management, so they don't have the same security issues as the WD offering. – Austin Hemmelgarn – 2018-09-18T19:23:43.623

Thanks for the clarification Austin, that helps. Though since (as I'm finding) all of these NAS drives have lots of Internet-enabled functionality, I'm a little less convinced that the WD drive is much worse. Yes, unlike the others it requires management over the Internet, but the other drives also have attack vectors over the Internet. The devil will be in the details as far as which one is actually the least secure. I would be more convinced if another NAS swore off Internet connectivity entirely. – Stephen – 2018-09-18T19:31:07.120

5@stephen There is always the option to use an old or new computer with Linux as a NAS. Use an Intel Atom and an ITX form factor case/mainboard and add a HDD for storage. Then you can control what it can access and what not. However, it is more expensive due to current RAM prices. – BadSnowflake – 2018-09-18T19:54:11.387

@BadSnowflake - for a less expensive alternative, there's now an OpenMediaVault NAS distro for the Raspberry Pi. Download, move to an SD card with Etcher, and boot. If using external hard drives, they may need an external power supply, or a powered USB hub in the case of 2.5" drives without a separate power port. The initial bootup does require internet access for security updates, afterwards no 'net needed.

– zmerch – 2018-09-18T20:21:46.910

2I feel obliged to hop on the train and point out that depending on your needs and requirements, buying used equipment instead can offer some substantial savings on your investment of NAS hardware that you can dump right back into disk drives. Caveats are obviously things like lack of warranty, not-bleeding-edge-performance, and overabused hardware. Advantages are in line with saving $$, wider choices in hardware, and reusing functional electronics keeping them away from landfills for longer. – PowerLuser – 2018-09-18T23:41:16.473

3@Stephen The issue with this particular MyCloud device is not that it can have internet access, but that it must have internet access. WD removed local management - that's the only problem which is bound to bite you in the moment you need it the most (eg evacuating your home when there is hurricane incoming and the internet is already down). This also makes MyCloud a perfect target for a botnet, as you've said. BTW, does your router have USB port? It's likely that you already have something with NAS-like functionality, it just needs an external USB HDD connected, so you can save $100. – Agent_L – 2018-09-19T10:52:15.753

It does have a USB port. You're saying I can just plug an external hard drive into my router and have it function like a NAS? Wow, I didn't know that. – Stephen – 2018-09-19T13:10:25.067

1@Stephen You can, if the router supports it. If you are in the US, I think Comcast charges extra for that, but I can't check on that from Europe. – BadSnowflake – 2018-09-19T15:08:18.320

Thanks @BadSnowflake I think I might ask my ISP (Spectrum) how to do it. – Stephen – 2018-09-19T16:20:48.913

According to the description (and the title), this isn't just a NAS. This is an internet cloud storage device, and part (most?) of its job function is to allow you to access whatever's stored on this device remotely - i.e. away from home.

Cloud storage is (roughly) defined as storage areas accessible as long as you have an internet connection. If you turn off the internet access to this device, then you won't have access to any of the files outside of your home network. One thing to note - if certain "standard" tools are required to access files, and those "standard" tools require the internet, you may need to find alternate ways or apps to access the device. If there are no alternative ways to access the device on your home network without internet access, then I would consider the device to be "defective."

The cloud functions of this device would (and should, if you feel you need these functions) require access to the internet. If -- and this is a big if -- the primary / sole purpose of this device is for cloud storage, then it might not be a NAS at all in the traditional sense. If that's the case and you don't need any cloud storage features, then I would look elsewhere.

Hope this helps!

zmerch

Posted 2018-09-18T17:13:28.547

Reputation: 191

In a perfect example of why this could be a mis-feature, "cloud storage NAS" has been shown to be vulnerable over the internet just recently for Western Digital "My Cloud" devices.

– Booga Roo – 2018-09-20T00:40:19.207

I would expect it to depend on what software you use to do your backups.

Having a NAS of a different type I have at least 3 different ways to access and send data to the NAS.

I can go to the web-server on the NAS, log in and upload files that way
I can connect via SAMBA/SMB and browse the filesystem like any networked computer using the \\MyNAS\a\folder\on\the\NAS\ notation. This is also how the Windows backup and File History features access the NAS to back up your data.
Media server software - dependant on how that software works
Particularly for mobile - The supplier provided discovery and backup tools.

I would expect that the users problem was with item 4 on that list. In particular I found that Western Digital software automatically tries to make you create an account to link your NAS "through the cloud" so that you can access it anywhere. Some of us don't want that and disabling that level of featuritis can be non-trivial in some cases. They don't tend to make it impossible though and you should be able to use their tools only within your own network.

By no means do you have to use their software to do things, but it may just make things smoother.

Mokubai

Posted 2018-09-18T17:13:28.547

Reputation: 64 434

Based on the other reviews and descriptions of this device, it is not a "NAS" as that definition is normally understood. When you say NAS, people expect a few basic protocols to be available and for it to simply be a hard drive hooked up to your local network. This "cloud storage" product is designed and marketed for people that have no idea what "NAS", "IP", or "shared folder" even mean. It uses proprietary software to easily backup your files and have them available anywhere, but it appears to not offer the "standard" way of file access that most superusers would expect.

I wouldn't say that it is poorly designed or that it is defective or a bad product. I would say that if you want a NAS and expect it to act like a NAS, you might be sorely disappointed. If their advertising doesn't explicitly say you can do something with it, assume that you can't. It's designed and marketed for a different person for a different purpose.

I've seen a similar thing happen with what should be a simple baby monitor that connects to your phone. When we bought it, I thought that when I was on home wifi I could connect directly to it with no internet connection because that was just a "given" for my technically inclined mind. The designers had a different (lazy) idea, and the monitor connects through the internet no matter what. No internet, no monitor. Even though it seems easy and obvious to make it work that way, that was not in their design, and that's just not a feature it provides.

So, in summary, don't assume you know how a tech product works even if it looks just like something else that is common and well understood.

JPhi1618

Posted 2018-09-18T17:13:28.547

Reputation: 133

1"it is not a "NAS"" - And that is exactly what WD Support replied to the review linked above: "It is important to know the My Cloud Home is designed as a Personal Cloud device and not a NAS (Network Attached Storage) device." No where in the product description does it mention the term "NAS" - this would seem to be an assumption made by the OP (and many who have bought it!). – MrWhite – 2018-09-19T17:20:34.353