TechSpot

Security for files on a NAS

By howardrg
Oct 23, 2008
  1. I hope this Q is not too dumb. I just added a Netgear ReadyNAS to my network. The network is through a D-Link DI-624 router. Two laptops wirelessly connect to the network and a desktop is wired to the router with a network cable. The NAS is also wired to the router. How can I best protect the files stored on the NAS from the outside world? Is that automatically handled by the firewall on the router? I have WEP encryption set up on the wireless access, but there was no encryption for the NAS. Is that because the NAS is hard-wired and there is no way for outsiders to get in ? I imagine I am lacking some basic understanding here, but I would really appreciate some info. Thanks.

    -H
     
  2. jobeard

    jobeard TS Ambassador Posts: 9,322   +622

    If you can configure the primary router to deny inbound ports 135-139, 445, 631,
    then your entire LAN will be protected from external access.

    If the NAS devices are formated NTFS, you could add ACL rules to allow
    <Users> group but deny <Everyone> group which would the allow only
    users with logons access.
     
  3. Ultiweap

    Ultiweap TS Enthusiast Posts: 606

    As you're using WEP as password I would recommend you to change it first of all as WEP is too easy nowadays to be cracked and hacked. So prefer you go to WPA and you may be well protected.

    Then follow that jobeard asked you...
     
  4. howardrg

    howardrg TS Rookie Topic Starter

    Thanks for the advice. I am using the DI-624 router. Regarding WPA , the manual says "This mode requires a RADIUS server in the network." I don't understand what a RADIUS server is and I don't think I have one. As for the ports, I think I have found the config page for this -- please see the attached screen cap. But it seems only to allow denial of a range of ports -- not a non-consecutive group.
     
  5. howardrg

    howardrg TS Rookie Topic Starter

    answering my own question...

    Investigating further I have found the following:

    WPA-PSK
    Pre-Shared Key mode means that the wireless client and the router must have the same passphrase in order to establish the wireless connection. A RADIUS server is not required with PSK.


    So maybe I can use WPA after all. Now I need to figure out what is involved in getting the wireless client and the router to use the same "passphrase." How is that different than the encryption key I now use?
     
  6. jobeard

    jobeard TS Ambassador Posts: 9,322   +622

    so build three rules
    1) 135-139
    2) 445
    3) 631

    :)
     
  7. jobeard

    jobeard TS Ambassador Posts: 9,322   +622

    see http://en.wikipedia.org/wiki/RADIUS
     
  8. howardrg

    howardrg TS Rookie Topic Starter

    as noted above, I think I can use the PSK mode. I am unsure as to how to implement this though. Would it be as simple as changing to WPA-PSK, making up a "passphrase" such as "Mary had a little lamb" and then using that passphrase on the other wirelessly networked just like I do now for the WEP encryption key?
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...