NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
about admin account
Hi, Is it possible to disable admin account/share on ReadyNAS (6.10.2)? as far as I know in general rule the admin account & share is unsafe, especially accessing via public network. If I am wr...
StephenB wrote:
Leventh wrote:SMB, HTTP and HTTPS
What is the purpose of allowing these to run over the internet?
I don't recommend allowing either SMB or HTTP over the internet. HTTPS is encrypted, but you still need a strong passwords if you enable it remotely. You can require transport encryption for SMB in the NAS, and if for some reason you must use SMB remotely you really need to do that. But I wouldn't (and don't). If for some reason you must use HTTP remotely, then you really need to disable access to the admin interface over HTTP.
If this remote access is just for you, then I recommend deploying a VPN for remote access. Many routers (including Netgear Orbi and Nighthawks) include openVPN, and you can install it on Windows, MacOS, Android, and iOS. That will give you full access to your home network and is much more secure.
If you are providing remote access to others, then another option is to use ReadyCloud or purchase OwnCloud from rnxtras.com (OwnCloud has similar features). ReadyCloud does require you to trust the security of Netgear's cloud servers, and there have been outages/periods of poor performance.
Leventh wrote:The "admin" account is the first weak share that hackers are look in the first stage (and ransomware attacks)
maybe I am wrong, now but I thougt, I've forgotten the HTTPS is secured with SSL encryption isn't it?
So, can it be secure any important data in ReadyNAS (without SSL certificate) goes to public lan & wan?
Just thinking...
The share and the account are different attack vectors. If someone hijacks your admin account (by cracking the password), then they have administrative access to your NAS via https. They can install malware on it, change all the settings using the web interface, etc.
Writing malware or viruses to the admin share can also cause problems, but generally the threat there isn't much different than writing those files to any other share.
HTTPS is encrypted, but that is only part of the story. You still need strong account passwords, and there is still a threat that security vulnerabilities in linux could be used to get into the NAS.
Dear StephenB,
thanks for your valuable explanation and help, I will check it out.
Actually my aim is gain access to my RN214's admin console and it's shares data over WAN from my work office (the NAS is in my home)...
that's why I ask about It's security features, sorry but I am new to Netgear, ReadyNAS products and I need to know some info. of ReadyNAS security features. I also setup ReadyCloud on my iphone and ipad but it did not meet my needs. (at least they are not comfortable like working on big PC screen and OS.)
If it's possible, if you have any information (web link, documention to share) about secure connection over wan for ReadyNAS device (btw. I don't have enough information about VPN connections). I would be grateful for that.
Thanks again.
Configuration:
Netgear RN214 with XOR Bonding
ASUS DSL-N17U vdsl modem/router
Zyxel GS1200-8 web managed gigabit switch, Link aggregation
ASUS ROG B350-I PC with Windows 10 OS.
Leventh wrote:
I also setup ReadyCloud on my iphone and ipad but it did not meet my needs.
I haven't used it for many years myself (it didn't meet my needs either). I use OpenVPN through my Orbi router, and as a backup access method I have Google's RemoteDesktop enabled on one PC. RemoteDesktop gives me access to that PC's screen - not the overall network. So it's not that useful for downloading/uploading a lot of files from the NAS, but it is ok for light use.
I checked the manual for your current router - it looks like it has a VPN server feature, but it is dated (2015 or so), and there isn't any real information on how to set it up. Newer ASUS routers do support openVPN (for instance https://www.asus.com/Networking/DSLAC68U/ ). But I use Netgear routers, so I don't have any direct experience with the ASUS implementation. Likely it is similar.
With Netgear, you download VPN profiles from the router for Android, Windows, MacOS, or iOS, and then apply them after installing the free VPN client app for those operatings systems. Netgear also supplies free DDNS (which you use with OpenVPN, so the client can reach your router using a DNS name instead of using an IP address that will change w/o notice). It is pretty easy to set up. Once it's running, you just turn on the VPN in the client device, and access the NAS (or any other equipment on your home network) as if you were home.
There is a guide for Netgear here: https://kb.netgear.com/29783/How-do-I-use-VPN-service-on-my-Nighthawk-router-with-my-Android-device (Orbi is set up the same way as Nighthawk).
I use ZeroTier for remote access. It's a kind of "parallel VPN" rather than extending your network over the VPN, as is more traditinal (though it can do that, if you choose). The ReadyNAS-specific app is quite old, but still works. Newer versions can be installed via SSH.
Sandshark wrote:
I use ZeroTier for remote access.
That can be harder to figure out (it has features that OpenVPN lacks). You won't need those extras for simple remote access. But it is free (both the ReadyNAS app and the various clients) and doesn't need to you upgrade your router - so perhaps give it a try.
StephenB wrote:
Sandshark wrote:I use ZeroTier for remote access.
That can be harder to figure out (it has features that OpenVPN lacks). You won't need those extras for simple remote access. But it is free (both the ReadyNAS app and the various clients) and doesn't need to you upgrade your router - so perhaps give it a try.
I dig in ZeroTier little bit but it's configuration seems hard to me, I was thinking... I also have a legacy Draytek Vigor 2830n+ dsl/router with firewall, vpn support, so can I use the Asus DSL-N17U as bridge mode to Vigor 2830n+ using it's router, vpn features?
https://www.draytek.com/es/products/products-a-z/router.all/vigor2830-series/
ReadyCLOUD windows app. already have login to admin page over VPN...
I just discovered :smileyhappy:
Leventh wrote:
ReadyCLOUD windows app. already have login to admin page over VPN...
I just discovered :smileyhappy:
Yes, ReadyCloud has a built-in VPN that you can use to access the NAS remotely via ReadyCloud. We did mention that before.
If you find that it isn't working well for you, perhaps post back and we can talk through other options again.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
