NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

realtek30's avatar
realtek30
Aspirant
Aug 10, 2015

ReadyCLOUD Security

Hi,

 

I was hoping someone could add some clarifty to the security of ReadyCLOUD as I had a question from a customer.

 

If I understand it correctly, you create a ReadyCLOUD user account - which the credentials are stored on Netgears ReadyCLOUD servers.

 

You then 'link' your device to this ReadyCLOUD account which looks to me as if a trust relationship is setup and you are escentually giving ReadyCLOUD full access to your device.

 

I know from a front end perspective a user needs those credentials to access data on the ReasdyNAS, however surely it still means that Netgear have full access to the NAS also from a backend perspective?

 

Additionally to this, when using the Desktop Client - is everything transmitted in SSL and are any parts of the documents store temprarily on this netgear server which I see as a bit like a proxy?

 

Thanks

ReadyCLOUD Portal

2 Replies

Replies have been turned off for this discussion
  • StephenB's avatar
    StephenB
    Guru - Experienced User
    Aug 10, 2015

    There is an old (and in my opinion incomplete) KB article on security.  I think it needs updating.   IT departments need a lot more complete disclosure on this stuff than they used to, plus there are some special cases where regulatory requirements need to be met (for instance HIPPA in the US).  As I recall, the article didn't clearly say if the forwarding servers had access to the session encryption key.

     

    Normally a hash of the passwords would be stored in the servers - hopefully Netgear is not storing the passwords themselves (even encrypted that is a bad idea).  But that hardly matters if the forwarding servers are compromised.  

     

    I agree there is a trust relationship formed with Netgear - even if ReadyCloud servers don't decrypt your data, they certainly could.  They are perfectly placed for a man-in-the-middle attack.

     

    There are some other options btw - OwnCloud and OpenVPN in particular.  (Note I'm not claiming that they are more secure, I'm just pointing out they are available.  The customer should do his/her own risk assessment).

    • SuperNASman's avatar
      SuperNASman
      Aspirant
      Jan 10, 2016

      Due to the lack of disclosure and information regarding ReadyCloud security by Netgear the only thing a reasonable client could conclude is that the ReadyCLOUD connection is not secure, and ReadyCLOUD should not be used under circumstances that require secure access.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More