So the box and disks arrived last week and the NAS is now set up and configured on my home office network. Good so far.
I would like to make some of the content on the NAS available over the Internet to a small number of trusted people, and my initial thought was to start adding a few layers to the security. Looking through the manuals and forums, it doesn't look like there are many options for direct configuration of the HTTPS options, specifically that the only HTTPS option is to use the 'default' Linkstation certificate (cn=develop, o=buffalo, ou=NAS, signed by BUFFALO INC., expires 2027, etc for admin), and there is no option to require a client-side certificate i.e. force the person browsing files to provide a certificate recognised as valid by the Linkstation.
On Web Access, it is possible to enable SSL which hides the comms so that is useful, but again there does not appear to be any control over the configuration of that secure connection i.e. you have to use the 'Internet Widgets Pty Ltd' certificate and no other options.
Out of the box, I can use SSL to access the NAS, use the firewall and port forwarding to restrict access to just those ports, choose a good name for buffalonas.com if I use it, and create users with decent passwords on the Linkstation. However, I'm really only scratching the surface on this and there are several things I'd like to find out more information about:
- Can the certificates and certificate authorities on the Linkstation be changed?
- Can you block anonymous access in to the Web Access UI so that a login is required?
- Is there any logging of failed access or other security violations being done?
- php.ini is exposed in the admin UI but what else can be done with the implementation on the Linkstation?
- Is there a general security forum for discussion on the Linkstation or similar products?
I could put my own SSL proxy mechanism in front of the Linkstation fairly easily but it really does look like the Linkstation itself has all the necessary capabilities if they are accessible.
Thanks in advance for any pointers.
