NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Pere99's avatar
Pere99
Aspirant
Dec 29, 2015

Disable C Share Ready NAS

For security reasons I don't like the root "C share" visible and writable

 

I know it's just only for administrator account ( In my case domain administrator) Anyway, I'd like to prevent writable from everywhere.

 

I have IP write protection for all shares, so all my server can write only in his share, Win servers by SMB, Linus server by NFS. But I can write from everywhere  directly throw C share. I think it's a very bas issue.

 

How can I prevent it? Maybe I could be able to allow and deny it by http, but I'll be more pleased if I can do it.

 

There is a Criptolocker panic and i want to sleep every nigth.

 

Thanks

 

Pere

Feature Request & Feedback

3 Replies

Replies have been turned off for this discussion
  • mdgm-ntgr's avatar
    mdgm-ntgr
    NETGEAR Employee Retired
    Dec 29, 2015

    The admin account is only meant to be used for admin purposes.

     

    As far as I'm aware cryptolocker that has infected one of your Windows PCs would target network shares only if you map a network drive to them.

     

    The best protection against Cryptolocker is backups. No important data should be stored on just the one device.

     

    • Pere99's avatar
      Pere99
      Aspirant
      Dec 29, 2015

      Thanks for response.

       

      I think Crytolockers does in mapped and unmmaped networks. But if it doesn't maybe future version will.

       

      I have different backups in ready NAS, separated them some kilometers, but available by network

       

      Take in mind that administrators login in window server for administrative propouses by domain administrator account. So If some of them downloding something in a browser clicks on a chryptolocker link maybe all, all all my backups for all all all my servers can be lost.

       

      I hide shares, and i prevent writing from IPS, so critolocker can't know which shares and I do by IP, make the system so robust.... but I have a "C share" visible and writable! 

       

      I have an account different for admin readyNas, different account than domain account, but the other BIG problem is that C share is visible by administrator domain account!!! 

       

      Security again criptolockers are backups, yes of course! But If there no option to solve "c share" backups should be made in another product than ReadyNas.

       

      Thanks again, I'd like to hide C share, deny writing or a real solution please. Is there a way to change "NAS samba configuration smb.con" or something like that?

       

      Thanks again!!

       

       

       

       

       

      • mdgm-ntgr's avatar
        mdgm-ntgr
        NETGEAR Employee Retired
        Dec 29, 2015

        You could do this using SSH, but there are support implications with using that.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More