Security Concerns

    • Security Concerns

      Recently I am using an old computer to work as a NAS with OpenMediaVault.

      Since I wanted to share the content of one disk in my local network I created one samba server and so far so good.

      However as I also needed to access the files from outside my local network so I went to my router and forward ports 445 and 139 (udp and tcp) and everything works fine. And since I have an DNS service, is perfect and easy for me to access those files, I just put the server address and the login and that was it. I am doing this for about 2 years now but since was not personal files it was a good trade off for me.

      But now that I pretend to store sensitive information I have security concerns if I am doing it right...

      Is there a secure way to do this kind of share?

      Also I use the NAS as:

      1. Torrent Client (I have 9091 port forwarding),
      2. Plex server
      3. SSH is active (22 port forwarding in the router)
      4. HTTP port forwarding to access openmediavault control panel from outside the network (again port 80 to 8080 forwarding).


      Since I am starting to have too many port forwardings I am starting to have this security concerns... specially now that I pretend to use this machine (or other dedicated machine in my local network) to act as a Network Video Recorder and store video from IP security CAMs.

      It's preferable to create a VPN server to access my network instead of all of this port forwarding?

      Thank you for your help.
    • The more you put the system into the world, the more likely it is that someone will get inside.
      SMB exposed to the world is asking for trouble. Do you really need so many things available from outside the lan?
      Place the vpn server and connect to the lan resources. Or use ZeroTier.
      youtube.com/watch?v=9Rfqi62bo5M

      You pretend to have sensitive data ... Do you actually have it? If so, start thinking about separation and encryption.
      A separate machine only for sensitive data and only service / services that are absolutely necessary, nothing more. Keep data encrypted, the entire disk or container. Ideally, the data should be in such a form that the NAS never has them as decrypted.
      Even if the attack succeeds on the NAS, the attacker will only take encrypted data. All decryption should rather take place on the user's target machine and the NAS should only be treated as a storage site for the encrypted content.
    • If it were me.... I'd install NextCloud per TechnoDad's video, then follow his second video to secure it with Letsencrypt, and then put the stuff you need remote access to in NextCloud. You can install the Android/iPhone app on a device, or just use a web browser to access your files.

      I've grown very fond of Nextcloud for important stuff on my NAS.
      Air Conditioners are a lot like PC's... They work great until you open Windows.

    • Users Online 1

      1 Guest