Jaap_van_Ekris
Jun 10, 2012Aspirant
Is the firewall on the ReadyNAS far below acceptable level?
Hi All, I'm installing a ReadyNAS Pro 6, that will have "some" connections to the outside world. Given that this essentially is a Linux box, and SSH access is possible, I figured it had some decent...
Jaap_van_Ekris
Jun 11, 2012Aspirant
Any sane company requires that systems that can be contacted from the outside world are in a DMZ. ReadyNAS photos can be browsed by external people, so I guess that kind of service would definitely put it in a DMZ. ReadyNAS remote allows users to change files on the server when on the Internet. That is also by definition internet-user controllable and thus ends up in a DMZ. The fact sheet for the Pro 6 also says you can work through the internet from Unix/Linux, by definition making the ReadyNAS a system that needs some level of security.
StephenB wrote:
Jaap_van_Ekris wrote: ... This means that even when you have a corporate firewall, putting a system like this in a DMZ will also mean that it will get exposed to serious threats (from other potentially compromised systems)...
I believe that ReadyNAS Photos, ReadyNAS remote, ReadyNAS replicate, and Egnyte Cloud Services do not require putting the NAS in the DMZ, or even port forwarding.
Most enterprises I work for require firewalls on every server, including the ones on internal networks. Just to make sure that hackers don't find an open field they can harvest easily when they succeed in breaking the first layers of security. Just having an outside firewall was what we did in the early '90s.
So it isn't that much of an expectation that when somebody claims to be enterprise ready and builds systems that directly interact with people on the internet, that you have some self-defence built in. As a supplier, you actively have to change default settings of the kernel to break iptables in the way that they did. By default, the kernel compiles netfilter/iptables with limits, MAC filtering and states. When it says Linux, 99% that is what you get. Even my $150 internet radios carry a better version of iptables!
And to be honest, I wish you guys would help solve my problem, instead of blaming me for having high expectations of a reputable supplier claiming to deliver business-ready solutions. A lot of the scenarios described in the business cases delivered for SME are total idiocy when you consider somebody would buy the "solution" and hook it up to the internet.
Jaap
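The post above names three iptables matches (limits, MAC filtering, states) as absent from the ReadyNAS kernel. As an added example, not part of the original post or of NETGEAR's firmware, this script checks a kernel config file for them; the mapping to the three Kconfig option names is an assumption about which options the post means, and the sample config is constructed.

```shell
#!/bin/sh
# check_netfilter_matches CONFIG_FILE
# Prints one "name: built-in|module|missing" line per match and
# returns 1 if any of the three matches is missing, 0 otherwise.
check_netfilter_matches() {
    cfg=$1
    missing=0
    # Assumed mapping from the features named in the post to Kconfig options.
    for pair in limit:CONFIG_NETFILTER_XT_MATCH_LIMIT \
                mac:CONFIG_NETFILTER_XT_MATCH_MAC \
                state:CONFIG_NETFILTER_XT_MATCH_STATE; do
        name=${pair%%:*}
        opt=${pair#*:}
        # Enabled options appear as OPT=y or OPT=m; disabled ones appear as
        # "# OPT is not set" or are absent from the file.
        val=$(sed -n "s/^${opt}=\([ym]\)\$/\1/p" "$cfg" | head -n 1)
        case $val in
            y) echo "$name: built-in" ;;
            m) echo "$name: module" ;;
            *) echo "$name: missing"; missing=1 ;;
        esac
    done
    return $missing
}

# Constructed sample config (not taken from any ReadyNAS firmware).
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_MATCH_LIMIT=m
# CONFIG_NETFILTER_XT_MATCH_MAC is not set
CONFIG_NETFILTER_XT_MATCH_STATE=y
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
check_netfilter_matches "$tmp" || echo "at least one match is unavailable"
rm -f "$tmp"
```

On a real system the input would be the running kernel's config, for example a decompressed copy of /proc/config.gz where the kernel exposes it; whether a given firmware does so is not stated on this page.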