NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
ReadyCLOUD Security
Hi, I was hoping someone could add some clarifty to the security of ReadyCLOUD as I had a question from a customer. If I understand it correctly, you create a ReadyCLOUD user account - which ...
There is an old (and in my opinion incomplete) KB article on security. I think it needs updating. IT departments need a lot more complete disclosure on this stuff than they used to, plus there are some special cases where regulatory requirements need to be met (for instance HIPPA in the US). As I recall, the article didn't clearly say if the forwarding servers had access to the session encryption key.
Normally a hash of the passwords would be stored in the servers - hopefully Netgear is not storing the passwords themselves (even encrypted that is a bad idea). But that hardly matters if the forwarding servers are compromised.
I agree there is a trust relationship formed with Netgear - even if ReadyCloud servers don't decrypt your data, they certainly could. They are perfectly placed for a man-in-the-middle attack.
There are some other options btw - OwnCloud and OpenVPN in particular. (Note I'm not claiming that they are more secure, I'm just pointing out they are available. The customer should do his/her own risk assessment).
Due to the lack of disclosure and information regarding ReadyCloud security by Netgear the only thing a reasonable client could conclude is that the ReadyCLOUD connection is not secure, and ReadyCLOUD should not be used under circumstances that require secure access.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
