• Now that I have all my critical data on my OMV server, I'm thinking about how to secure this NAS. Is it useful to use the firewall in your own domain (this server is not accessible from the www)? How do you secure your shared folders and SMB/CIFS?

  • Hi, yes, security is always good, in your case with 'critical data' a 'must' really, or at least a very good thing to do!


    A few options: if the data is really critical, you can first encrypt the data with, for example, TrueCrypt: create a file, encrypt, and upload it to your folder.
    If it is not that 'critical' then zip it with a password, although I think there are very good programs to crack that as well. TrueCrypt is your best option!


    - Make sure you give the minimum [read only] rights to users for your shared folders, triple check this :)
    - Best way is to create Groups and add users to the group, give special attention to the inherited rights for that group, because they flow down the tree!


    Use the firewall;


    - Add a rule for your Master PC to be able to do all you want, you can always refine the rules ;-), don't lock yourself out is the idea... [at the top of the list!]
    - Add the rules to allow your devices to do what you want them to do.
    - Block outside coming in, by creating a rule 0.0.0.0/0 REJECT ALL ports.


    * Like with the rights flowing down, the firewall is the same, you first unblock yourself, then block the rest.


    Hope this helps.

    DISCLAIMER: I'm not a native English speaker, I'm really sorry if I don't explain as well as you would like... :)
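
The rule order described in the post above (allow yourself, allow your devices, reject the rest), as an added example that is not part of the original thread: a script that prints an `iptables-restore` ruleset and refuses to print it unless the admin rule sits ahead of the catch-all REJECT. The addresses, the SMB port list, the loopback and established-connection rules, and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample values (assumptions, not taken from the thread).
ADMIN_PC="192.168.1.10"     # the "Master PC" that must never be locked out
LAN="192.168.1.0/24"        # devices allowed to reach the shares
SMB_PORTS="139,445"         # SMB/CIFS over TCP

# Print an iptables-restore ruleset: allow rules first, catch-all REJECT last.
build_rules() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s ${ADMIN_PC}/32 -j ACCEPT
-A INPUT -s ${LAN} -p tcp -m multiport --dports ${SMB_PORTS} -j ACCEPT
-A INPUT -s 0.0.0.0/0 -j REJECT
COMMIT
EOF
}

# Read a ruleset on stdin; succeed only if the admin ACCEPT rule is matched
# before the first catch-all REJECT (rules are evaluated top to bottom).
check_order() {
    awk -v admin="-s ${ADMIN_PC}/32 -j ACCEPT" '
        index($0, admin) && !allow              { allow = NR }
        /-s 0\.0\.0\.0\/0 -j REJECT/ && !reject { reject = NR }
        END { exit !(allow && reject && allow < reject) }
    '
}

# Only print the ruleset if applying it cannot lock the admin PC out.
if build_rules | check_order; then
    build_rules
else
    echo "refusing: admin rule is not ahead of the REJECT rule" >&2
    exit 1
fi
```

As root, the printed ruleset can be validated without applying it by piping it into `iptables-restore --test`.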

  • It depends a lot on what you installed on your NAS.


    If your NAS is behind a router, most of the time you're safe as long as no ports are open (you can use a service like "online nmap" to check for open ports).


    A good tip is in my opinion to reduce as much as possible the open ports on your router. Adding a firewall on the NAS itself is always a good idea, but also needs to be tuned correctly in order to let legitimate traffic go through.


    Another good idea would be to use OpenVPN. For me it would be to set up an OpenVPN in TAP mode (it basically simulates that you are connected over Ethernet on your home network no matter where you're connecting from). Once the VPN is all set up, you just need to open a port of your choice on your router (port forwarding) to let the VPN get in. I would advise choosing a rather random port so that people don't guess too easily what service is behind that port.



    For me this setup is the most secure you can get while still getting a lot of remote services from your NAS. However, I haven't set up a VPN like that yet.


    Unfortunately, the current OMV OpenVPN plugin is just useful for TUN mode, which doesn't work for your SMB share for example (or any other services advertised by broadcast packets).


    Sorry if I'm a bit technical, but if you have the skills to get an OpenVPN working, then it's in my humble opinion a great way to get full access to your network while keeping a minimal level of security.

  • Securing data for what? Access from intranet or internet?
    I think that, first, the scenarios are different, and also that a really secure back-end (data) must be paired with really secure and controlled applications. If you have a very secure back-end but weaknesses at the application level (I mean applications authorized to access the data), then you jeopardize your "secured data" design.

  • Hello, I want to make my OMV server safe. I have 2 websites that are accessible from the Internet; can you give me some suggestions to secure my OMV? I need some firewall rules. I have no idea how to create them, and it is important for me.


    thanks
