I'm new to Buffalo, and about to deploy a solution to a client involving multiple Buffalo NAS devices. They were very happy with their existing Buffalo NAS and insisted I stick with the brand, so here we are! I just bought a couple of the same devices for myself to play with.
So far, I've set up the NAS (Buffalo LS410D) on the network and it's performing fine.
My first question / observation is - I can access the admin interface using simple http to port 80 on the device's address - ie, 'http://192.168.10.20'. On this page, without ANY authentication (page is showing 'Nog Logged In'), I can choose 'restart'. Thus, anyone in the organization who knows the IP address can restart the device, which seems risky to me. Further, I planned to expose the admin interface to the internet, at least during setup, so I could remotely administer it, but having that restart action exposed at the 'not logged in' level really worries me. So - is there a way to remove 'restart' from the main, un-authenticated web site? And if not, is there some other way to 'protect' the device? I just don't want my users being able to casually browse to that location and have that ability.
Second - when I try to do any configuration on the device - eg, by clicking on 'Advanced Settings', I'm prompted for the admin password (thankfully!). I see also that there's an option there for 'secure connection', and it puts me on an encrypted connection (https://....). Is there a way to disable the 'normal' connection entirely (port 80) and only allow encrypted connection?
Thanks!
There is no way to restrict what shows up on the page, but if you actually attempt to restart the unit it should ask for a password.
Perfect - thanks! I guess I didn't catch that.
so - any answer to the second question - is there any way to disable port 80 / unencrypted access altogether, thus requiring the use of SSL?
No, there isn't I'm afraid. I could talk to developers but we don't get a lot of requests on this so it is unlikely to become a priority, especially on the LinkStation series as those units are designed as consumer systems, not really business oriented.
Browser ID: smf
(is_webkit)
Templates: 1:
Printpage (default).
Sub templates: 4:
init,
print_above,
main,
print_below.
Language files: 1:
index+Modifications.english (default).
Style sheets: 0:
.
Hooks called: 60 (
showintegrate_autoload, integrate_pre_load, integrate_load_session, integrate_verify_user, integrate_pre_load_theme, integrate_user_info, integrate_load_board, integrate_board_info, integrate_pre_load_theme, integrate_allowed_to_general, integrate_simple_actions, integrate_allowed_to_general, integrate_load_theme, integrate_pre_log_stats, integrate_actions, integrate_word_censor, integrate_word_censor, integrate_pre_parsebbc, integrate_bbc_codes, integrate_bbc_print, integrate_post_parsebbc, integrate_word_censor, integrate_word_censor, integrate_pre_parsebbc, integrate_bbc_print, integrate_post_parsebbc, integrate_word_censor, integrate_word_censor, integrate_pre_parsebbc, integrate_bbc_print, integrate_post_parsebbc, integrate_word_censor, integrate_word_censor, integrate_pre_parsebbc, integrate_bbc_print, integrate_post_parsebbc, integrate_pre_parsebbc, integrate_smileys, integrate_smileys, integrate_post_parsebbc, integrate_pre_parsebbc, integrate_smileys, integrate_smileys, integrate_post_parsebbc, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_menu_buttons, integrate_current_action, integrate_theme_context, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general)
Files included: 27 - 1055KB. (
show./index.php, ./Settings.php, (Cache)/db_last_error.php, (Sources)/QueryString.php, (Sources)/Subs.php, (Sources)/Subs-Auth.php, (Sources)/Errors.php, (Sources)/Load.php, (Sources)/Security.php, (Sources)/Subs-Compat.php, (Sources)/Subs-Db-mysql.php, (Sources)/Cache/CacheApi.php, (Sources)/Cache/CacheApiInterface.php, (Sources)/StopForumSpam.php, (Sources)/Subs-Charset.php, (Sources)/Unicode/Metadata.php, (Sources)/Unicode/QuickCheck.php, (Sources)/Session.php, (Sources)/Logging.php, (Sources)/Class-BrowserDetect.php, (Sources)/Unicode/RegularExpressions.php, (Sources)/Unicode/CaseUpper.php, (Sources)/Unicode/CaseTitle.php, (Current Theme)/languages/index.english.php, (Current Theme)/languages/Modifications.english.php, (Sources)/Printpage.php, (Current Theme)/Printpage.template.php)
Memory used: 735KB.
Tokens:
post-login.
Queries used: 10.
[Show Queries]