A slight security risk
-
zakspop
- Posts: 191
- Joined: Sat Nov 23, 2013 3:55 am
- Location: Texas, USA
A slight security risk
I was thinking about something a few nights ago. I was thinking that anyone who was looking to hack into an Asustor NAS specifically, and who knows something about them, could come to this site, start looking at the user names of the forum members, and try them with myasustor.com. EX: zakspop.myasustor.com (not how I have mine set up). So, I ran a little test and I got a hit on the 3rd attempt. username.myasustor.com:8000 and voila, an Asustor 608T logon screen. Being that Asustor doesn't allow us to disable the admin account, the only thing keeping someone out is a password. I would suggest that no one use the same user name on this forum and myasustor.com. That is like leading someone to your front door.
-
ho66es
- Posts: 476
- Joined: Wed Mar 13, 2013 5:38 am
Re: A slight security risk
Good tip.
You could just disable EZ-Router or UPnP on the router; that allows mycloud to work on whatever ports you manually allow on the router. Normally I would recommend disabling UPnP; that way you know what ports are open, as you manually configure them.
608t
-
zakspop
- Posts: 191
- Joined: Sat Nov 23, 2013 3:55 am
- Location: Texas, USA
Re: A slight security risk
True. But, some people want the ability to connect to the NAS remotely or they have their own personal web site on the NAS. There are lots of things to do to keep your NAS safer and every little thing helps. If you wanted to get to ADM remotely I would suggest using some random port on the outside that links to the default port on the inside. EX: 1014 external to 8000 internal.
-
Ubuntux
- Posts: 87
- Joined: Mon May 26, 2014 1:56 am
- Location: Denmark
Re: A slight security risk
1 - Set a login limit of 3 attempts, and then ADM will block the following IP.
2 - Get notifications over e-mail when something happens (login attempt), then you block the IP in the firewall in ADM.
3 - Don't use port 8000; only use port 8001 or another, but with SSL active!
4 - Turn off your NAS when you don't use it; it can be done from settings. A few hours is more than enough to prevent attempts when you sleep, and you might save some bucks on the electricity bills.
I don't use the cloud ID; I have a publicly accessible IP and I block all IPs trying to access that I don't know.
AS-604T & AS-202T
-
ho66es
- Posts: 476
- Joined: Wed Mar 13, 2013 5:38 am
Re: A slight security risk
zakspop wrote: True. But, some people want the ability to connect to the NAS remotely or they have their own personal web site on the NAS. There are lots of things to do to keep your NAS safer and every little thing helps. If you wanted to get to ADM remotely I would suggest using some random port on the outside that links to the default port on the inside. EX: 1014 external to 8000 internal.
My personal preference is to open VPN ports (shift to non-standard if you wish) and then use VPN to access NAS services and LAN.
I use a fail2ban script on my SSH server; it works very nicely, but I'm unsure if it could be easily ported to the NAS (I have no need so haven't tried).
608t
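
The login-limit and fail2ban ideas discussed in this thread, sketched as an added example that is not from any poster and is not ADM or fail2ban code: it counts failed logins per source IP inside a sliding time window and reports which addresses cross the limit, skipping addresses you already know. The log line format, the function name `find_ips_to_block` and the sample addresses are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption, not ADM's real log format.
SAMPLE_LOG = """\
2014-06-01 02:14:07 login failed user=admin src=203.0.113.5
2014-06-01 02:14:09 login failed user=admin src=203.0.113.5
2014-06-01 02:14:30 login ok user=zak src=192.168.1.20
2014-06-01 02:15:02 login failed user=admin src=203.0.113.5
2014-06-01 03:00:00 login failed user=admin src=198.51.100.7
2014-06-01 03:30:00 login failed user=admin src=198.51.100.7
2014-06-01 04:10:00 login failed user=admin src=198.51.100.7
2014-06-01 05:00:00 login failed user=zak src=192.168.1.20
2014-06-01 05:00:05 login failed user=zak src=192.168.1.20
2014-06-01 05:00:09 login failed user=zak src=192.168.1.20
""".splitlines()

# Only failed-login lines match; everything else is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) login failed "
    r"user=(?P<user>\S+) src=(?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)

def find_ips_to_block(lines, max_failures=3, window=timedelta(minutes=10),
                      allowlist=frozenset()):
    """Return {ip: timestamp of the failure that crossed the limit}."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    blocked = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ip = m["ip"]
        if ip in allowlist or ip in blocked:
            continue              # known address, or already flagged
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        failures = recent[ip]
        failures.append(ts)
        # Drop failures that have aged out of the window (slow guessing is not caught).
        while ts - failures[0] > window:
            failures.popleft()
        if len(failures) >= max_failures:
            blocked[ip] = ts
    return blocked

if __name__ == "__main__":
    for ip, when in find_ips_to_block(SAMPLE_LOG, allowlist={"192.168.1.20"}).items():
        print(f"block {ip} (limit reached at {when})")
```

Note that the second source in the sample spaces its attempts out and never reaches the limit inside the window, which is why a counter like this complements, rather than replaces, a strong admin password and keeping the login page off the open internet.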