Is the firewall on the ReadyNAS far below acceptable level?

sphardy wrote:
So take a moment to consider that, despite specific (and reasonable) corporate requirements, you invested in equipment with no claim of firewall support and - based totally on your own assumption - instead chose to rely on using an unsupported access method to try to enable a totally unsupported capability.

There are some requirements that are so extremely obvious, that it is almost criminal to sell professional equipment without it. Physical disk sizes, Electric compatibility, EMC, electric safety, etc. are also requirements we have but never check because every serious player always complies, but never takes the effort to report it in the spec-sheet (UL compliance can mean a lot of things when you look at it). Most warn you if they don't comply with expected specs for business use.

On the other hand, Netgear actively shows with all its advertised services (FTP, ReadyNAS Photos, ReadyNAS remote, ReadyNAS replicate, Egnyte Cloud Services) that this is a machine that is intended for connecting to the internet and should be reachable through the internet. And lets be serious here: who would connect a system like that to the internet without firewall?

Putting an extra firewall there isn't the solution. There are very good basic security architecture concepts that dictate that every system should take care of itself. This means that even when you have a corporate firewall, putting a system like this in a DMZ will also mean that it will get exposed to serious threats (from other potentially compromised systems). It is not a question of "if", but "when" this happens. And these security concepts dictate that a NAS like this should hold its own inside the DMZ, preventing the hack of a single system becomming a company-wide hack of your customer facing systems (and potentially your internal systems). So adding another firewall isn't a solution, it isn't even close to a bandaid.

Jaap