Securing NAS on Internet

Hi guys

Just needed some advice,I have an old and trusty NETGEAR NAS duo on my network, I recently made it capable (through netgear's software) to give me access to the content available on the NAS remotely. Also in the mean time I have made it available through the ability to point the browser at its IP and access the folders shared... ( i am not a network pro...but an entry grade noob)

I am concerned as to how secure is the NAS in these formats, because since I can access the drive, can others do the same

My network includes

The dlink dns526b, (I have left it mostly at default, and would appreciate if you can tell me what to enable without sacrificing too much performance), which then supplies to the 5th gen apple extreme base station, which is extended by the apple express, all of our wireless (wired devices ) lie behind the apple extreme base station.
I know the AAEB does not have a very secure firewall or something or the other,

Can you help.

Thanks


Sent from my iPad using Tapatalk HD

 

You just need to setup a FTP Server pointing to the NAS which requires authentication.
That will be good enough.
If you want powerful, flexible systems don't buy Apple Routers, use OpenWRT that runs on many Routers available on the Market

 

I'm assuming you set it up for FTP access which is a port forward in your router. Def settings are not secure at all. If your NAS logs failed attempts look at the log and see if someone is trying to hack it. It only took the hacker less than a day to find mine once I put it online. I use Snap NAS boxes that support FTPS as well as FTP. They where pounding mine 24/7 trying to use admin id and common user names. I received a email when all this started. Make sure you use a strong password (user and Admin), no words that are in a dictionary. The stronger the better, also make sure you have remote access for your router turned off or a super high secure password. Now what I have found that works and easy to setup is this. Hackers use scanners to look for hardware which normally scan the lower ports, <1024. FTP uses def port 21 and is very easy to detect. In your router you need to add a port forward rule. What you want to do is choose a port that is between 1024 and 65535 any will do but try to avoid gaming ports. Some ISP block certain ports, mainly 80 and a few others. Then you have that port forward to your NAS on port 21. With that set it will not change your internal network but will change how you have to access it from the outside. The way you will now access it is with a port assignment. It looks like this if you used port 12000 : ftp(s)://domainname.xxx/share:12000

You can also turn off respond to ping, router and nas. This will make it run in stealth mode but it makes trouble shooting harder it there's a problem.

I have been using this setup for years now and have not had a single attempt since I did the port forward.

 

Ok now all this talk on port forward is really Greek to me

I have the dlink 526b modem and the airport extreme base ST.

Can you direct me hit to go about this

The NETGEAR NAS has this remote facility setup thru their site where a user stores his email,username and pwd.and the acess happens through there, also me only has admin setup on the NAS, no individual users setup, as the data is freely accessible to all network users

 

Google "Port forwarding" and you will find plenty of info on it and guides. In most cases it's located under advanced features, firewall rules, ..... All router firmware is different, just need to see what your router offers.

 

Yes, but I the remote feature of the NETGEAR NAS duo is somewhat of a registering the unit with the NETGEAR website and allowing it to have remote access though the site

I will list the links explaining this procedure, also I don't see any option to be able to see if someone is trying to hack into my NAS

 

Look at WebDAV or openvpn as alternatives to the FTP solutions proposed.
Here's a guide on netgears website for configuring WebDAV
Accessing ReadyNAS remotely with WebDAV : NETGEAR ReadyNAS Community

 

No need to got through a third party. If you have PW access setup on your NAS it's just a matter of setting up your router to point to it. You will also need a domain name (Dyndns) setup so you can find it on the www if your ISP uses DHCP and not static IP's. If static Ip all you do is point to it.