NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
ReadyCloud security issues
Hi.
I decided to try ReadyCloud with my RN104. So I started ReadyCloud service on device, connected device to my account and right after I was able to see device content on web and mobile. But:
1. why the web browser shows that connection to readycloud.netgear.com/client/index.html is insecure (http instead of https)?
2. why I was still able to browse device content on web browser after I've switched the ReadyCloud service on device off?
TIA
Greg
9 Replies
Replies have been turned off for this discussion
Hi racer841,
Welcome to the Community!
The ReadyCLOUD web portal actually runs on HTTPS, all connections from apps, portal and back-end access are on HTTPS.
The reason that you see HTTP on the web portal is for the NETGEAR home routers where they also connect to ReadyCLOUD. However, due to their specifications they usually are having a hard time maintaining HTTPS connection because of certificates being updated from time to time. So seeing the portal on HTTP is just actually for the routers to be able to use its feature but ensuring back-end and other access is secured using HTTPS and VPN connections.
Regarding the issue#2, can you still view or download those files even when ReadyCLOUD is disabled on the NAS?
Regards,
Hi.
Thanks for the answer, but I can't agree. I've just connected to my NAS from corporate network, where no NETGEAR home routers are in use. The connection to my NAS through readycloud.netgear.com is still insecure (http://readycloud.netgear.com).
Regarding the issue#2, no, I was not able to download files after I've disabled ReadyCLOUD on the NAS.
Regards,
Greg
You misread the response. ReadyCloud is also included on some Netgear home routers, and this restriction is based on what they need to make it work. That you don't have a Netgear home router has nothing to do with it, and the rest of the response explains why you shouold have no concern.
But, frankly, I don't understand why you would use ReadyCloud in that environment. It's intended as a home solution, A corporate network would more likely be using a VPN.
JohnCM_S wrote:The ReadyCLOUD web portal actually runs on HTTPS, all connections from apps, portal and back-end access are on HTTPS.
The reason that you see HTTP on the web portal is for the NETGEAR home routers where they also connect to ReadyCLOUD. However, due to their specifications they usually are having a hard time maintaining HTTPS connection because of certificates being updated from time to time. So seeing the portal on HTTP is just actually for the routers to be able to use its feature but ensuring back-end and other access is secured using HTTPS and VPN connections.
This is exactly the part I never understood - and honestly, there is something essentially wrong. Had discussed this with the designer years ago before Netgear took over the ReadyNAS business ...
The data path is this:
Web Browser <-> http://readycloud.netgear.com/ <-> ReadyCloud cloud infrastructure <-http or https or much more a LeafNetworks "protected" IPv4 tunnel -> ReadyNAS or Netgear Consumer Router
Ok, to make this connection possible, the RedyNAS resp. the Netgear Router does establish a connection to the ReadyCloud cloud infrastructure using the Leaf Networks "tunnel" (yes, Jeff Capone never liked me stating it's a tunnel, but hey...) encapsulating/encrypting the Leaf Networks "borrowed" IPv4 subnet (available at the design time, now also assigned to a real Internet user) - certainly between the ReadyNAS and the ReadyCloud cloud infraructure.
The restriction of the why ever crappy code and certificate handling on the Netgear consumer routers (sigh...) apparently not able to establish a https or secured connection to the cloud infrastructure can't explain why the ReadyNAS (which apparently does based on my investigations on the Intel x64 based units - not sure of this applies to the low power RN1xx).
Let's take the long story short: This does deny using ReadyCloud - certainly the Web portal which does indeed forced to http only - usage in todays Internet world.... even shorter: It's a DEAD HORSE.
Hi racer841,
We’d greatly appreciate hearing your feedback letting us know if the information we provided has helped resolve your issue or if you need further assistance.
If your issue is now resolved, we encourage you to mark the appropriate reply as the “Accept as Solution” or post what resolved it and mark it as a solution so others can be confident in benefiting from the solution.
The NETGEAR community looks forward to hearing from you and being a helpful resource in the future!
Regards,
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
