One and a half

Thousands of QNAP NAS devices have been infected with the QSnatch malware October 31, 2019


Ouch Indeed!

 

These things (QNAP & any other like it) should never be allowed to see/talk to the Internet in the first place unless the owner is feeling very brave. Same thing goes for IP security cams. Some people put all sorts of crap on these NAS devices and expose them to the web; sometimes unknowingly.

 

Something storing your personal data in bulk (or watching you) should be placed in a bubble (separate VLAN) with EVERYTHING Inbound/Outbound blocked by default. We're talking all 65,5xx Ports on UDP & TCP. Then 1 for 1 pin hole access rules should be set up for "internal" things needing access to the NAS on a specific IP and Port basis. It's a PITA to configure and maintain but in times like these it's worth every minute spent doing so.

 

People gotta keep $hit locked down these days or this is the result!

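The default-deny VLAN with 1-for-1 pinholes described in the post above, modelled as an added example that is not part of the original thread. All addresses, ports and rule names are constructed, and return traffic for an allowed connection is assumed to be handled by the firewall's connection tracking.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    proto: str            # "tcp" or "udp"
    src: str              # source host or network in CIDR notation
    dst: str              # destination host or network in CIDR notation
    dport: Optional[int]  # None means "any port", too broad for a pinhole
    note: str = ""

NAS = "10.0.50.10/32"     # constructed: the NAS alone on its own VLAN

# Constructed pinholes: one source host, one destination host, one port each.
PINHOLES = [
    Rule("tcp", "10.0.10.21/32", NAS, 445, "music server -> SMB"),
    Rule("tcp", "10.0.10.5/32", NAS, 22, "admin workstation -> SSH"),
]

def decide(rules, proto, src, dst, dport):
    """The first matching pinhole allows; everything else falls through to deny."""
    for r in rules:
        if (r.proto == proto
                and ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and r.dport in (None, dport)):
            return "allow"
    return "deny"  # default for every TCP and UDP port, inbound and outbound

def lint(rules):
    """Return the notes of rules that are not 1-for-1 (host, host, single port)."""
    broad = []
    for r in rules:
        single_hosts = (ip_network(r.src).num_addresses == 1
                        and ip_network(r.dst).num_addresses == 1)
        if not single_hosts or r.dport is None:
            broad.append(r.note)
    return broad

if __name__ == "__main__":
    print(decide(PINHOLES, "tcp", "10.0.10.21", "10.0.50.10", 445))  # pinhole
    print(decide(PINHOLES, "tcp", "10.0.50.10", "203.0.113.7", 443))  # NAS outbound
    print(lint(PINHOLES))
```
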
On 11/1/2019 at 4:00 AM, cjf said:

Something storing your personal data in bulk (or watching you) should be placed in a bubble (separate VLAN) with EVERYTHING Inbound/Outbound blocked by default. We're talking all 65,5xx Ports on UDP & TCP. Then 1 for 1 pin hole access rules should be set up for "internal" things needing access to the NAS on a specific IP and Port basis. It's a PITA to configure and maintain but in times like these it's worth every minute spent doing so.

 

If you do all that, why would you go for NAS instead of just running a Linux server with Samba and maybe something else as needed? Only point of NAS I see is that it is a little bit easier to deal with. If that ease is gone, the point of NAS is, IMO, long gone and it is better to go with a proper server instead.

 


Signalyst - Developer of HQPlayer

Pulse & Fidelity - Software Defined Amplifiers


The point of having an NAS in a home environment in my view is being able to squeeze as much performance/usable space into the smallest footprint possible that all other nodes on the network can take advantage of. A dedicated proper server smells "big" and "loud" to me and usually is if it's being used as a storage node unless you're dropping big bucks on an all Flash multi-TB, multi-Disk setup that is passively cooled and has enough CPU/RAM to take advantage of it all.

 

Regardless of using an off-the-shelf NAS or a server for the same purpose I would still implement the same security layers previously mentioned since both are doing the same thing. They just now take on different footprints.

 

My mini NAS runs FreeBSD/FreeNAS ([email protected] RAM) and every device on my network is Linux except for my music server which unfortunately must be Windows due to my first hop USB DAC not working with Linux at all (Lynx Hilo..damn shame & damn them for not supporting it).

 

 

On 11/9/2019 at 4:20 AM, cjf said:

The point of having an NAS in a home environment in my view is being able to squeeze as much performance/usable space into the smallest footprint possible that all other nodes on the network can take advantage of. A dedicated proper server smells "big" and "loud" to me and usually is if it's being used as a storage node unless you're dropping big bucks on an all Flash multi-TB, multi-Disk setup that is passively cooled and has enough CPU/RAM to take advantage of it all.

 

The NAS devices I have are louder than my servers, because they don't have proper sound proofing and have small fans... And one can have a server smaller than a NAS too.

 

On 11/9/2019 at 4:20 AM, cjf said:

My mini NAS runs FreeBSD/FreeNAS ([email protected] RAM) and every device on my network is Linux except for my music server which unfortunately must be Windows due to my first hop USB DAC not working with Linux at all (Lynx Hilo..damn shame & damn them for not supporting it).

 

I have an HP micro server with ECC RAM and 6 slot 3.5" HDD bay accessible from front panel, running OpenBSD. And a Xeon E5 machine with ECC RAM, running Linux. Music is served by the Xeon E5 machine over SMB (Samba).

 

All HDD/SSDs are fully encrypted, which is not usually properly supported by off-the-shelf NAS devices. Many NAS devices also have the problem that when the NAS device itself dies, the data is hard to access using another NAS by swapping the disks in. Smallest devices have HDD built in and even taking it out is harder and "not supported".

 

All management is done over ssh (password logins disabled, only PKI login), no web junk.

 


Signalyst - Developer of HQPlayer

Pulse & Fidelity - Software Defined Amplifiers

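A check for the "password logins disabled, only PKI login" setup mentioned in the post above, as an added example that is not part of the original thread. It assumes OpenSSH's `sshd_config` format, reads only the global section (it does not evaluate `Match` blocks or `Include` files), and the sample configurations are constructed.

```python
import re

# OpenSSH defaults that apply when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Deprecated name for the same setting.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Global settings as sshd reads them: the first value for a keyword wins."""
    seen, has_match = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":      # conditional overrides follow; not evaluated here
            has_match = True
            break
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        seen.setdefault(ALIASES.get(key, key), value)
    return {**DEFAULTS, **seen}, has_match

def audit(config_text):
    """Return a list of findings; an empty list means key-only login globally."""
    settings, has_match = effective_settings(config_text)
    findings = []
    if settings["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if settings["kbdinteractiveauthentication"] != "no":
        findings.append("KbdInteractiveAuthentication is not 'no'")
    if settings["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is not 'yes'")
    if has_match:
        findings.append("Match blocks present: review them for overrides")
    return findings

# Constructed samples. The first disables passwords but leaves
# keyboard-interactive at its default, and its later "yes" line is ignored.
PARTIAL = "PasswordAuthentication no\nPasswordAuthentication yes\n"
KEY_ONLY = ("PubkeyAuthentication yes\nPasswordAuthentication no\n"
            "KbdInteractiveAuthentication no\n")

if __name__ == "__main__":
    print(audit(PARTIAL))
    print(audit(KEY_ONLY))
```
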
On 11/8/2019 at 6:20 PM, cjf said:

The point of having an NAS in a home environment in my view is being able to squeeze as much performance/usable space into the smallest footprint possible that all other nodes on the network can take advantage of. A dedicated proper server smells "big" and "loud" to me and usually is if it's being used as a storage node unless you're dropping big bucks on an all Flash multi-TB, multi-Disk setup that is passively cooled and has enough CPU/RAM to take advantage of it all.

 

Regardless of using an off-the-shelf NAS or a server for the same purpose I would still implement the same security layers previously mentioned since both are doing the same thing. They just now take on different footprints.

 

My mini NAS runs FreeBSD/FreeNAS ([email protected] RAM) and every device on my network is Linux except for my music server which unfortunately must be Windows due to my first hop USB DAC not working with Linux at all (Lynx Hilo..damn shame & damn them for not supporting it).

 

 

Many people referred to them in the past as NAS Drives, associating them with hard disc drives built into a small computer that's a more elegant solution to serve up files. Home NAS computers have developed into ways to deliver your media all around your home network to different devices in different rooms. Several of these have no fans and are very quiet. I've been using an iMac as NAS to play back AIFF files since 2003, along with (starting out with an iBook) a MacBook & USB to SPDIF converter as a file player. Getting rid of those noisy and cumbersome computers (loading LMS and MiniMServer on my QNAP) was one of my wisest moves.
