NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Do I need ReadyCLOUD?
I will soon be receiving a new ReadyNAS which will presumably run the current version of OS 6. I will be using the device for sharing confidential data within my local network, but I have no intention of setting up cloud access through the internet and - least of all - using a cloud service run by someone else, including Netgear. This also includes the backup of the data on my NAS, which I will perform only on locally attached, external drives.
From whai I have seen in the internet, you use ReadyCLOUD to set up and administer your OS 6 ReadyNAS. I assume that this means that you have to identify yourself towards ReadyCLOUD, and that your login credentials will be stored 'somewhere'. Does this also imply that I will be at an increased risk of intrusion into my ReadyNAS through the internet?
Which of the operations performed through the ReadyCLOUD interface will make my locally stored data accessible through the internet? Which may cause storage of local data on the ReadyCloud server?
Finally: Do I need to use ReadyCLOUD at all? Are there alternative methods for setting up and administering my ReadyNAS?
Of course, I do not want to be paranoid about data protection. But I neet do make sure who will have access to what, and where pttential gaps are. And there is so little 'substantial' information available about ReadyCLOUD and potential security issues ...
Thank you,
Andreas
5 Replies
Replies have been turned off for this discussion
Hello AVoelp,
ReadyCloud is a feature on ReadyNAS OS6 units that will allow you to access the NAS remotely via web URL and/or ReadyCloud app (iOS, Android, Windows and Mac). This will also allow you to invite friends to access some shares/folder by setting up a permission.
Do you need ReadyCloud? It is up to you, alternatively you can also setup FTP on some shares you want to access remotely, the difference however is FTP uses local users you have in the ReadyNAS admin page for authentication and you need to make sure your ISP and router do not block FTP firewall port.
Here are some article you might be interested in:
What is ReadyCLOUD and how do I use it with my ReadyNAS OS 6 storage system?
Hope this helps.
Regards,
You can use RAIDar to discover your NAS on your local network and get to the local admin page or if you determine the I.P. using another method browse to e.g. https://ip.address.of.nas to access the local admin page.
You certainly don't need to use ReadyCLOUD, but many find it useful.
You don't need to use ReadyCloud - there is a control in the GUI you need to enable for it, and by default that control is off.
The NAS will reach out to various netgear hosted servers though - that includes NNTP time servers and software update servers. There is also an update server for the antivirus service - that is not hosted by Netgear. AV can be disabled if you wish.
There are ways Netgear can access the NAS remotely for support, but you need to take action to enable them (and Netgear does require a consent form from you before they will access it).
Personally I see no issues with those other services, but you could avoid using them if you wish. The NNTP servers used are configurable, and you could block internet access to netgear.com to the NAS in a firewall (or using the parental controls in your router). I haven't.
Some apps also use third party internet services - Plex in particular. You'd need to research the security/privacy of those services separately.
AVoelp wrote:
Does this also imply that I will be at an increased risk of intrusion into my ReadyNAS through the internet?
Which of the operations performed through the ReadyCLOUD interface will make my locally stored data accessible through the internet? Which may cause storage of local data on the ReadyCloud server?
Netgear doesn't provide much information on security with ReadyCloud (and you won't find the answers to your questions in the FAQ Jennc linked). Personally I'd like to see more disclosure on these aspects. The days of "security through obscurity" are long over.
If you do use ReadyCloud, your data will traverse Netgear cloud servers. And we do know that the servers can decrypt the data - because they do precisely that when you access the data from the ReadyCloud web portal, without the need for a PC VPN client. Also right now the ReadyCloud portal uses HTTP and not HTTPS.
Cloud accounts are distinct from local user accounts (and they show up on your NAS separately). Details on where the credentials are stored and how they are protected haven't been disclosed.
While I am a home user, I do know that my employer would not use ReadyCloud because it would not meet their security requirements. There isn't enough information from Netgear to fill out their security checklist, but the use of HTTP in the portal would be a non-starter.
FWIW, these security gaps are all fixable, and it is unfortunate that Netgear hasn't.
AVoelp wrote:
Are there alternative methods for setting up and administering my ReadyNAS?
Of course, I do not want to be paranoid about data protection.
Being careful about privacy and security is not being paranoid, and I think your questions are good ones.
Setting up and administering the NAS does not need ReadyCloud, and can be done w/o any internet connection. There is a local app called RAIDar that is handy (whether you use ReadyCloud or not). RAIDar isn't needed that often, but it can discover your NAS and report status even if the NAS network configuration is broken. (It uses UDP broadcast, which will not go through your home router).
If you want remote access over the internet, then there are a couple ways to go about that. JennC mentioned FTP - though I'd suggest FTPS which is encrypted. You can use non-standard ports to work around ISP blocking.
You can also enable HTTPS access with port forwarding. That enables both remote administration and remote file access (that is all-or-nothing).
You could also look into the apps for owncloud and btsync. If you do want owncloud, I suggest getting it from whocares_ at rnxtra.com. That is the current version, the one shows up in available apps in the NAS web UI is old.
Another approach (which I am trying out) is to use a router that supports OpenVPN, and use that to reach your home network. That requires a DDNS service to reach your router (which you also need if you use port forwarding), but your data would not traverse anyone's servers, and is encrypted on your device and decrypted in your router.
OpenVPN gives complete access to your home network, so it is suitable for you and immediate family (or employees) - who already have that access. But it isn't suitable for limited sharing with friends (or customers).
Thanks very much for all this usefull information. Actually, there is currently no need for accessing the ReadyNAS from outsite my LAN - I have ownCloud already running on another server and with SSL encryption - that meets my requirements completely.
Is there any point - and any appreciable risk - in using ReadyCLOUD just for ReadyNAS setup and administration, not for remote access or file sharing?
BTW: I really cannot understand why many IT vendors - obviously including Netgear - are so restrictive with the communication of the securety and validation/qualification measures that they take. Lack of information causes mistrust and, on the other hand, better communication would enable a realistic risk assessment on the part of the user and create trust in the company. Opportunities wasted ...
Andreas
AVoelp wrote:
Is there any point - and any appreciable risk - in using ReadyCLOUD just for ReadyNAS setup and administration, not for remote access or file sharing?
ReadyCloud is all about remote access - if you don't want that, then there is no point to using it for setup and administration.
RAIDar will also take you to the local web ui, provide status, and let you download logs.
I tried to state the risks in the previous post - how appreciable they are does depend on point of view, and also the nature of the information you store on the NAS. I did miss one - account passwords are emailed when you invite users, which might be a concern for some.
AVoelp wrote:
BTW: I really cannot understand why many IT vendors - obviously including Netgear - are so restrictive with the communication of the securety and validation/qualification measures that they take. Lack of information causes mistrust and, on the other hand, better communication would enable a realistic risk assessment on the part of the user and create trust in the company. Opportunities wasted ...
I agree, and would add that business customers increasingly insist on this information (and in some cases are legally required to obtain it before they deploy). My own employer does an up-front assessment of security and privacy for all hosted services they deploy. That assessment is done by both IT and legal.
At the moment, many companies also need to know where the information is stored as well - because of the recent EU court decision overturning the "safe harbor agreement".
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
