NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
How secure is ReadyNAS Remote/FTP
Hello, I recently purchased a Netgear ReadyNAS Duo V2. I am so far satisfied with the NAS but I do have two questions about the features. The NAS has standard functionality: ReadyNAS Remote Th...
Got it. "Safe" could also have meant reliable.
Security over FTP - the x86 and V1 products will accept ftps connections with explicit TLS. I don't have a v2, but imagine it does as well. This should be secure, assuming you pick a strong password.
However, the NAS will also accept an unencrypted connection, and FTP (unlike FTPS) sends the user/pass in the clear. So if you care about security you need to be careful to always use FTPS in the client.
I haven't seen anything in the forums complaining about other security holes in FTP.
Security over ReadyNAS remote- The connection is encrypted, and Netgear's intent is to provide a secure service. However, the encrypted data is routed through Netgear servers, and the details of the implementation have never been published (or been run through a published security audit) as far as I can see. So it is conceivable that there are vulnerabilities - either in the encryption key exchange, or in the server (if it were hacked). It is essentially impossible for users to sort out whether these hypothetical vulnerabilities exist. And in any event it is only as secure as your user password. This is not to criticize Netgear, essentially all cloud services are in a similar place on this. As a user, you'd need to trust the vendor at the end of the day. I haven't seen any postings in the forum suggesting that their data was compromised due to Readynas remote.
I have seen several posts on the java version used in RAIDar - which is down-rev, and has known security issues.
Personally, I have chosen to open ports for FTP and https. I'm not using ReadyNAS remote much (more due to performance than to security concerns). However, if I wanted the best security I could get, I would invest in a VPN router that was compatible with my laptop, android, and IOS devices.
Security over FTP - the x86 and V1 products will accept ftps connections with explicit TLS. I don't have a v2, but imagine it does as well. This should be secure, assuming you pick a strong password.
However, the NAS will also accept an unencrypted connection, and FTP (unlike FTPS) sends the user/pass in the clear. So if you care about security you need to be careful to always use FTPS in the client.
I haven't seen anything in the forums complaining about other security holes in FTP.
Security over ReadyNAS remote- The connection is encrypted, and Netgear's intent is to provide a secure service. However, the encrypted data is routed through Netgear servers, and the details of the implementation have never been published (or been run through a published security audit) as far as I can see. So it is conceivable that there are vulnerabilities - either in the encryption key exchange, or in the server (if it were hacked). It is essentially impossible for users to sort out whether these hypothetical vulnerabilities exist. And in any event it is only as secure as your user password. This is not to criticize Netgear, essentially all cloud services are in a similar place on this. As a user, you'd need to trust the vendor at the end of the day. I haven't seen any postings in the forum suggesting that their data was compromised due to Readynas remote.
I have seen several posts on the java version used in RAIDar - which is down-rev, and has known security issues.
Personally, I have chosen to open ports for FTP and https. I'm not using ReadyNAS remote much (more due to performance than to security concerns). However, if I wanted the best security I could get, I would invest in a VPN router that was compatible with my laptop, android, and IOS devices.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
