NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
ReadyCloud is not running on HTTPS
This topic has been raised before - see https://community.netgear.com/t5/ReadyNAS-Cloud-Storage/Secure-connection-to-http-readycloud-netgear-com-HTTPS/td-p/1482577, but now is Jan 2022 and ReadyCloud is still running on HTTP instead of HTTPS after the initial login. Please fix it Netgear because there is no excuse to send any kinds of files over HTTP no matter what you say regarding the front vs back ends, or local LAN vs Internet. Even if it's HTTP only the front-end (which I can only assume based on answer on the above specified old post), contents of the sent files are exposed all the way from our computer browser through Netgear's first front-end server which is readycloud.netgear.com. Many things wrong can and will happen on this unsecure network segment.
On the other hand, if there is in fact a way to somehow configure/force HTTPS for end-to-end communication, please kindly let me know. Thank you.
4 Replies
Replies have been turned off for this discussion
ReadyCloud does not relay your files through the Netgear server. The server serves only as "operator", initiating a connection between the client and server.
Do you have any kind of security design/drawing of how ReadyCloud operates to post for us to reference?
I assume by "operator" you mean for it to perform some sort of coordition. If that is the case then ...
1) Why shouldn't the "agent" in our browser talk with Netgear server "operator" through HTTPS by/through the Netgear server certificate?
2) Communication between the "agent" in our browser (or client in your words) can talk to the server (a.k.a. our NAS or cloud enabled Nighhawk router) by/through the server certificate itself - assuming it actually makes use of SSL.
3) If the Netgear server "operator" also needs to talk to the server (e.g. our NAS), it can do so by/through the server certificate.
Please refer to my attached drawing for what I try to explain here. Thanks.
AnthonyTran wrote:
Do you have any kind of security design/drawing of how ReadyCloud operates to post for us to reference?
FYI - this is a user <-> user forum and neither Sandshark nor I work for Netgear. Netgear hasn't published the info you are requesting.
The most recent comment from Netgear that I've seen comes from JohnCM_S (who is no longer with Netgear). See post 2 here: https://community.netgear.com/t5/Using-your-ReadyNAS-in-Business/ReadyCloud-security-issues/td-p/1900486
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
