Author Topic: What are the security issues with a drive on my network without a firewall on the drive?  (Read 1339 times)

Kotch

  • Calf
  • *
  • Posts: 5

Hi

 

I've just installed a LS-WXL085 (the full model name is in my signature file) and I'm concerned about security.

 

Isn't the drive a bit exposed by being placed on my network rather than being attached to my PC? If it was attached to my PC (such as a USB drive) it would be behind the firewall on the PC. From the manual I understand that the USB connection can only be used to connect remote devices and is not intended to connect the drive to a PC.

 

My network consists of a cable modem with three Netgear switches in series carrying the network into other parts of the house. It's all wired and there is no wireless element. I know when I had my first cable modem years ago there was a setup screen that might have had some security settings but these days they just plug in and you don't seem to get an interface to the cable modem. Each of the PCs on my network has it's own firewall so a firewall for the whole network has never been an issue.

 

The reason for my caution is that if an intruder can get far enough into my network to be able reach my PC (and then be repelled by the firewall) what is to stop them reaching the remote drive? Obviously having the drive on the network is much more convenient if I can be assured it's secure.

 

 


daoswald

  • Buffalo
  • ***
  • Posts: 100

If your first connection from the modem to the network is a router with a built-in firewall, you're fine.  If it's indeed just a switch, you're correct, there is no firewall.  If that's the case, someone outside your LAN could possibly have just exactly the same access to your NAS (including its configuration pages, as well as its shares) as you do within the LAN.  A first line of defense would be to change the password on your configuration screen, and use logins with passwords for your shares.  Also disable all extra features (FTP, web, etc.) unless you need them and have them configured properly.

 

My suggestion is to go pick up the cheapest gigabit router you can find.  Even a wireless one is ok; if you don't need wireless just disable that feature in the router's configuration.  It's much easier to let the router do its job than to try to lock down every piece of equipment on your network.  Come to think of it, if your entire network is exposed, the NAS is not your only worry.  Get a hardware firewall.


Kotch

  • Calf
  • *
  • Posts: 5

Hi thanks for this reply, sorry for the delay, it's been busy here.

 

I probably didn't describe my network correctly so here goes.

 

Cable Modem (Virgin) don't know the model.

 

This is connected to:

Router - Netgear RP614 (the box says it has an SPI Firewall and a NAT firewall. I've not configured it at all.

The Buffalo drive is connected to this router.

 

This is connected to another two switches,

 

My concern is that the firewall on the router is not going to be sufficient since it's at the default settings. Parhaps I'm being too cautious here and imagine that we get probed by persistent hackers and that these hardware firewalls are not much use unless you set them up properly.