NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Security of ReadyCLOUD vs. Offline, and mobile app
Hello -- I'm looking at buying a 204, 214 or 314 for basic storage use to start with but eventually getting into video streaming, surveilance, etc.. I'm always concerned with data security -- mayb...
Thank you for the thorough answers, Alex!
Thank you for the thorough answers, Alex!
Hi Alex
Are there any plans for Netgear to provide a security whitepaper? I think a lot of people here (especially business users) would find something like that very helpful.
Also, the readycloud web interface still uses unsecured http. That clearly is a security hole that should be fixed.
StephenB wrote:Hi Alex
Are there any plans for Netgear to provide a security whitepaper? I think a lot of people here (especially business users) would find something like that very helpful.
Also, the readycloud web interface still uses unsecured http. That clearly is a security hole that should be fixed.
Hi Stephen,
I'm unaware if there is a security whitepaper in the works. This is something I think we can look into for the future. I also think it is a good idea.
ReadyCLOUD web interface authenticates through HTTPS, if you are remote to the NAS, any transfer to and from the NAS will be encrypted. If you are local to the NAS it transfer over HTTP. It is not a security "hole" as you put it, It is managed a bit different than you might be used to. Even though you see the connection to ReadyCLOUD as HTTP all remote communication to the NAS device will be HTTPS. In other words, the interface appears to show HTTP but the connection to the device is HTTPS encapsulated if client is remote to NAS network.
Regards,
AlexPe
Community SME
AlexPe wrote:
ReadyCLOUD web interface authenticates through HTTPS, if you are remote to the NAS, any transfer to and from the NAS will be encrypted. If you are local to the NAS it transfer over HTTP. It is not a security "hole" as you put it, It is managed a bit different than you might be used to. Even though you see the connection to ReadyCLOUD as HTTP all remote communication to the NAS device will be HTTPS. In other words, the interface appears to show HTTP but the connection to the device is HTTPS encapsulated if client is remote to NAS network.
If I don't have the ReadyCloud app installed on the PC, but am just using http://readycloud.netgear.com to access the files, am I still getting end-to-end encryption when I browse/download/upload files?
If so, that is very good to know (and would be a excellent aspect to point out in a whitepaper).
Stephen,
Yes, if you use the portal, you will be authenticated using HTTPS. If you interact with a NAS share via upload, download or viewing files, this will be encrypted if you are remote to the NAS network. If you are on the local network it will not be encrypted.
I've submitted the request to engineering. It has been picked up we will look to publish a security white paper in the future.
There is no current ETA, if I had to guess I would say sometime in March or April at the very latest.
Regards,
AlexPe
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
