NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
ReadyNAS 3312 - Can I use the readyNAS as basically an external enclosure using the eSATA ports?
Running ReadyNAS OS 6.10.4 HotFix 1, but yet again, the OS is based on a distribution that is no longer in support. It is now a Critical vulnerability and I cannot keep the machine on the network. Is there any way I can just use it as an external enclosure or something until NetGear decides to update the ReadyNAS OS to a supported version of Debian?
Thanks for any suggestions.
3 Replies
Replies have been turned off for this discussion
A ReadyNAS cannot be used as an external enclosure per se. It can be directly attached via Ethernet to another device or isolated on a VLAN and then shared by another system.
But you should also fully evaluate the suposed "critical vulnerability". Yes, if you have is accessible to the outside world, then it may present one. You should probably change that. But if it's not, do you really have a potential internal bad actor who could take advantage of said vulnerability or a means by which someone could unintentionally give an external bad actor network access? If you do, I'd say Debian Jessie is only one item on your list of problems.
Netgear just released OS 6.10.5, which they say includes (undisclosed) security enhancements. I don't know if they are backporting anything from a newer release, but they may be, so the fact that it's Debian Jessie "at the core" does not automatically mean it has all the vulnerabilities of generic Jessie. But without Netgear disclosing more detail, it is impossible to assess.
Sandshark wrote:
But you should also fully evaluate the suposed "critical vulnerability".
I'd like to point out that you are assuming ShadowofDeth has the ability to get exceptions to the corporate security policy.
In my own company, that is very difficult to do (by design). They'd rather spend the money to upgrade equipment to meet their security requirements than spending it on labor analyzing the risk of the threats. With ReadyNAS, the only practical way to evaluate security is to do security scans - analyzing CVEs would be extremely difficult. And security scans could easily miss stuff.
I think Netgear hasn't done enough to keep up with Debian distributions.
StephenB wrote:I'd like to point out that you are assuming ShadowofDeth has the ability to get exceptions to the corporate security policy.
I think Netgear hasn't done enough to keep up with Debian distributions.
He didn't mention a corporate environment. That is certainly a consideration. My personal experience is there are few true "network security" experts. They may be an expert in one and know something about the other, but few really fully understand both and many are not true experts in either. Those that are are likely outside the salery range most corporations think they should spend till they are hit with a virus, ransomware, or other catastrophy that cripples their network.
I don't think Netgear has done enough to support business use of the ReadyNAS line, period. I long ago stopped recommending them for business use, but continued to recommend them for home use till they became impossible to find.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
