Jump to content
One and a half

Thousands of QNAP NAS devices have been infected with the QSnatch malware October 31, 2019

Rate this topic

Recommended Posts

Ouch Indeed!

 

These things (QNAP & any other like it ) should never be aloud to see/talk to the Internet in the first place unless the owner is feeling very brave. Same thing goes for IP security CAM's. Some people put all sorts of crap on these NAS devices and expose them to the web; sometimes unknowingly.

 

Something storing your personal data in bulk (or watching you) should be placed in a bubble (separate VLAN) with EVERYTHING Inbound/Outbound blocked by default. Were talking all 65,5xx Ports on UDP & TCP. Then 1 for 1 pin hole access rules should be set up for "internal" things needing to access to the NAS on a specific IP and Port basis. Its a PITA to configure and maintain but in times like these its worth every minute spent doing so.

 

People gotta keep $hit locked down these days or this is the result!

Share this post


Link to post
Share on other sites
On 11/1/2019 at 4:00 AM, cjf said:

Something storing your personal data in bulk (or watching you) should be placed in a bubble (separate VLAN) with EVERYTHING Inbound/Outbound blocked by default. Were talking all 65,5xx Ports on UDP & TCP. Then 1 for 1 pin hole access rules should be set up for "internal" things needing to access to the NAS on a specific IP and Port basis. Its a PITA to configure and maintain but in times like these its worth every minute spent doing so.

 

If you do all that, why would you go for NAS instead of just running a Linux server with Samba and maybe something else as needed? Only point of NAS I see is that it is a little bit easier to deal with. If that ease is gone, the point of NAS is, IMO, long gone and it is better to go with a proper server instead.

 


Signalyst - Developer of HQPlayer

Pulse & Fidelity - Software Defined Amplifiers

Share this post


Link to post
Share on other sites

The point of having an NAS in a home environment in my view is being able to squeeze as much performance/usable space into the smallest footprint possible that all other nodes on the network can take advantage of. A dedicated proper server smells "big" and "loud" to me and usually is if its being used as a storage node unless your dropping big bucks on an all Flash multi-TB, multi-Disk setup that is passively cooled and has enough CPU/RAM to take advantage of it all.

 

Regardless of using a off the shelf NAS or a server for the same purpose I would still implement the same security layers previously mentioned since both are doing the same thing. They just now take on different footprints.

 

My mini NAS runs FreeBSD/FreeNAS ([email protected] RAM) and every device on my network is Linux except for my music server which unfortunately must be Windows due to my first hop USB DAC not working with Linux at all (Lynx Hilo..damn shame & damn them for not supporting it).

 

 

Share this post


Link to post
Share on other sites
On 11/9/2019 at 4:20 AM, cjf said:

The point of having an NAS in a home environment in my view is being able to squeeze as much performance/usable space into the smallest footprint possible that all other nodes on the network can take advantage of. A dedicated proper server smells "big" and "loud" to me and usually is if its being used as a storage node unless your dropping big bucks on an all Flash multi-TB, multi-Disk setup that is passively cooled and has enough CPU/RAM to take advantage of it all.

 

The NAS devices I have are louder than my servers, because they don't have proper sound proofing and have small fans... And one can have a server smaller than a NAS too.

 

On 11/9/2019 at 4:20 AM, cjf said:

My mini NAS runs FreeBSD/FreeNAS ([email protected] RAM) and every device on my network is Linux except for my music server which unfortunately must be Windows due to my first hop USB DAC not working with Linux at all (Lynx Hilo..damn shame & damn them for not supporting it).

 

I have a HP micro server with ECC RAM and 6 slot 3.5" HDD bay accessible from front panel, running OpenBSD. And a Xeon E5 machine with ECC RAM, running Linux. Music is served by the Xeon E5 machine over SMB (Samba).

 

All HDD/SSDs are fully encrypted, which is not usually properly supported by off the shelf NAS devices. Many NAS devices have also problem that when the NAS device itself dies, the data is hard to access using another NAS by swapping the disks in. Smallest devices have HDD built in and even taking it out is harder and "not supported".

 

All management is done over ssh (password logins disabled, only PKI login), no web junk.

 


Signalyst - Developer of HQPlayer

Pulse & Fidelity - Software Defined Amplifiers

Share this post


Link to post
Share on other sites
On 11/8/2019 at 6:20 PM, cjf said:

The point of having an NAS in a home environment in my view is being able to squeeze as much performance/usable space into the smallest footprint possible that all other nodes on the network can take advantage of. A dedicated proper server smells "big" and "loud" to me and usually is if its being used as a storage node unless your dropping big bucks on an all Flash multi-TB, multi-Disk setup that is passively cooled and has enough CPU/RAM to take advantage of it all.

 

Regardless of using a off the shelf NAS or a server for the same purpose I would still implement the same security layers previously mentioned since both are doing the same thing. They just now take on different footprints.

 

My mini NAS runs FreeBSD/FreeNAS ([email protected] RAM) and every device on my network is Linux except for my music server which unfortunately must be Windows due to my first hop USB DAC not working with Linux at all (Lynx Hilo..damn shame & damn them for not supporting it).

 

 

Many people referred to them in the past as NAS Drives. Associating them as hard disc drives, built into a small computer that's more elegant solution to serve up files. Home NAS computers have developed into ways to deliver your media all around your home network to different devices in different rooms. Several of these have no fans and are very quiet. I've been using an iMAC as NAS to play back AIFF files since 2003, - along with (starting out with an ibook) a macbook & USB to SPDIF converter as a file player. Getting rid of those noisy, and cumbersome computers, (loading LMS and MiniMServer on my QNAP), - was one of my wisest moves.

Share this post


Link to post
Share on other sites
On 11/12/2019 at 8:46 PM, Albrecht said:

Several of these have no fans and are very quiet.

 

Spinning discs without sound proofing and anti-vibration mounting are noisy, without any fans needed. Good, big, slowly rotating fans are quieter than spinning discs ever.

 

In addition, many NAS devices for home market have the cheapest possible disks inside. Not the enterprise NAS drives designed for 24/7 endurance for years. But instead the cheap 3 year or less warranty drive models. Good drive models have five year warranty. They usually also don't get regular security updates for the software for 5+ years after manufacturing date (which is likely among the reasons for this thread).

 

Good starting point are WD Red Pro and Seagate Ironwolf Pro drives, designed for NAS use.

 

On 11/12/2019 at 8:46 PM, Albrecht said:

I've been using an iMAC as NAS to play back AIFF files since 2003

 

That's not a NAS, that's a server... ;)

 


Signalyst - Developer of HQPlayer

Pulse & Fidelity - Software Defined Amplifiers

Share this post


Link to post
Share on other sites

I have an ioSafe NAS running Synology Disk Manager which purports to be easy to set up and run. That said, I had a professional do it, and the identical one at my Brothers house as well. It is basically used for backup and redundancy. Music that gets served on my network via ROON comes via the HDD connected to the Mini running ROON Server.


No electron left behind...

Share this post


Link to post
Share on other sites
18 hours ago, Miska said:

 

Spinning discs without sound proofing and anti-vibration mounting are noisy, without any fans needed. Good, big, slowly rotating fans are quieter than spinning discs ever.

 

In addition, many NAS devices for home market have the cheapest possible disks inside. Not the enterprise NAS drives designed for 24/7 endurance for years. But instead the cheap 3 year or less warranty drive models. Good drive models have five year warranty. They usually also don't get regular security updates for the software for 5+ years after manufacturing date (which is likely among the reasons for this thread).

 

Good starting point are WD Red Pro and Seagate Ironwolf Pro drives, designed for NAS use.

 

 

That's not a NAS, that's a server... ;)

 

Thanks for commenting on my post. 

 

"That's not a NAS, that's a server." Yes, - thanks for clarifying this for others.

 

"Spinning discs without sound proofing and anti-vibration mounting are noisy, without any fans needed. Good, big, slowly rotating fans are quieter than spinning"discs ever"

 

Yes, - and many of the QNAP NAS devices have neither fans or spinning discs, - but SSD drives. Or, - no HDDs, and the user can purchase their own drives separately as I have done.

 

Again, - I do appreciate your corrections/clarifications.

Share this post


Link to post
Share on other sites
15 minutes ago, Albrecht said:

Yes, - and many of the QNAP NAS devices have neither fans or spinning discs, - but SSD drives. Or, - no HDDs, and the user can purchase their own drives separately as I have done.

 

Then it is either very small or very expensive. But sure, I have no problem building a fanless server with SSDs either. One of my servers has 400W fanless PSU, fanless case and Intel i5-6600T CPU with fanless cooling. Totally silent, with two mirrored SSDs. But it is just a firewall for internet.

 

When I think about NAS, I think more about something like three 16 TB HDDs.

 


Signalyst - Developer of HQPlayer

Pulse & Fidelity - Software Defined Amplifiers

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...