Leventh
Apprentice
Jan 01, 2020

about admin account

Hi,

Is it possible to disable the admin account/share on ReadyNAS (6.10.2)? As far as I know, as a general rule the admin account & share are unsafe, especially when accessed via a public network.

If I am wrong, could anybody explain how the admin account and its shares are safe with ReadyNAS, because I could not find any info in the ReadyNAS software manual.

Thx.

18 Replies

  • StephenB
    Guru - Experienced User

    Leventh wrote:

    Is it possible to disable admin account/share on ReadyNAS (6.10.2)? 

     


    It is not possible to disable the account.  

     

    As far as the home share goes, you don't actually need to use it. You can disable all home shares (just turn off all the file sharing protocols for home), but you can't selectively disable them.

     


    Leventh wrote:

    as far as I know in general rule

    the admin account & share is unsafe, especially accessing via public network.

     


    How are you sharing them on the public network?

    • Leventh
      Apprentice

      StephenB wrote:

      Leventh wrote:

      Is it possible to disable admin account/share on ReadyNAS (6.10.2)? 

       


      It is not possible to disable the account.  

       

      As far as the home share goes, you don't actually need to use it. You can disable all home shares (just turn off all the file sharing protocols for home), but you can't selectively disable them.

       


      Leventh wrote:

      as far as I know in general rule

      the admin account & share is unsafe, especially accessing via public network.

       


      How are you sharing them on the public network?


      SMB, HTTP and HTTPS

      The "admin" account is the first weak share that hackers look for in the first stage (and ransomware attacks).

      Maybe I am wrong now, but I thought, I've forgotten, HTTPS is secured with SSL encryption, isn't it?

      So, can any important data in ReadyNAS be secure (without an SSL certificate) when it goes to public LAN & WAN?

      Just thinking...

       

       

      • StephenB
        Guru - Experienced User

        Leventh wrote:


        SMB, HTTP and HTTPS

         


        What is the purpose of allowing these to run over the internet?

         

        I don't recommend allowing either SMB or HTTP over the internet. HTTPS is encrypted, but you still need strong passwords if you enable it remotely. You can require transport encryption for SMB in the NAS, and if for some reason you must use SMB remotely you really need to do that. But I wouldn't (and don't). If for some reason you must use HTTP remotely, then you really need to disable access to the admin interface over HTTP.

        If this remote access is just for you, then I recommend deploying a VPN for remote access. Many routers (including Netgear Orbi and Nighthawks) include OpenVPN, and you can install it on Windows, macOS, Android, and iOS. That will give you full access to your home network and is much more secure.

         

        If you are providing remote access to others, then another option is to use ReadyCloud or purchase OwnCloud from rnxtras.com (OwnCloud has similar features).  ReadyCloud does require you to trust the security of Netgear's cloud servers, and there have been outages/periods of poor performance.  

         


        Leventh wrote:

        The "admin" account is the first weak share that hackers look for in the first stage (and ransomware attacks).

        Maybe I am wrong now, but I thought, I've forgotten, HTTPS is secured with SSL encryption, isn't it?

        So, can any important data in ReadyNAS be secure (without an SSL certificate) when it goes to public LAN & WAN?

        Just thinking...

         

         


        The share and the account are different attack vectors.  If someone hijacks your admin account (by cracking the password), then they have administrative access to your NAS via https.  They can install malware on it, change all the settings using the web interface, etc. 

         

        Writing malware or viruses to the admin share can also cause problems, but generally the threat there isn't much different than writing those files to any other share.

         

        HTTPS is encrypted, but that is only part of the story. You still need strong account passwords, and there is still a threat that security vulnerabilities in Linux could be used to get into the NAS.

         
