Jarkod (Guide)
Aug 16, 2014
Secure access to NAS over the Internet
My daughter starts her secondary school in a fortnight's time. She'll be living in another city. I'd like her to be able to make backups of her laptop to the NAS at home and to have access to some shares. Which option is the best/most secure to connect to the NAS from the outside world:
1. ReadyDrop
2. Owncloud
3. VPN + BitTorrent sync?
The most probable network configuration will be like this:
laptop --> NAT --->---Internet--->--- NAT1 (my ISP) ---> NAT2 (my router) ---> NAS
I know ReadyDrop uses the Netgear servers and I don't trust it - for some reason the service doesn't allow for strong passwords, only letters and numbers.
Owncloud will probably require port redirection at NAT1 and NAT2 which is not a problem but a potential security threat (as I could read at this forum). Correct?
VPN + BitTorrent sync seems the most complex solution but I think I've got it working. My router runs a tomato firmware which allows for OpenVPN server. I've created the certificates and the keys, copied them into the relevant place and was able to make a connection from a laptop connected to the second router between the NAT1 and NAT2 (to simulate the connections from the outside):
NAT1 ---> 2nd router (<---laptop) ---> NAT2 ---> NAS
I think I'll still need a port redirection at NAT1 to be able to connect from the laptop, won't I? Are there any other things I need to take into account while making such connections? Is what I've done so far enough to securely connect from the outside to the NAS?
Any other options I missed?
2 Replies
- xeltros (Apprentice): With the exception of some services like ReadyNAS Remote or BitTorrent Sync, you will need to do port forwarding. If you don't trust Netgear servers then a VPN is one of the best options IMO (avoid PPTP which is not secure at all, but L2TP/IPsec, SSL or OpenVPN should do fine). With a VPN you would be like in your home network, so AFP / SMB are possible. I like BitTorrent Sync, but an rsync job would do the trick pretty well too for backup like any other sync software.
As for NAT, it is only needed when you switch IP address range, so depending on how the VPN is configured you will need to add a NAT entry or not. For port forwarding, it depends on how you get to the NAS. If the NAS IP address is directly accessible (same subnet or routed), port forwarding is unnecessary; if this address is shielded behind another one, you will need to forward.
Now I'd like to know what you call "secure". Security is made from confidentiality (only authorized persons have access), integrity (data is as it should be, no unwanted change) and availability (data is accessible when needed).
So if you really want to secure things, you will need to see much more than what you already spoke about.
Given the options proposed, I would privilege BitTorrent Sync + VPN. Owncloud (used without VPN) will require a port forward that will give direct access to the server (which is the NAS, I guess?) and you seem to want to avoid ReadyCloud services. Anyway VPN + a sync service is a good option, not bulletproof though, as if a file is erased from the BitTorrent Sync source, it will be erased from the destination too. If you use this I would advise to configure BitTorrent Sync to peer with only one IP so that nothing will be sent in clear through the Internet, as BitTorrent Sync is able to pass firewalls so the two machines may be able to communicate even without port forward. I'm not sure if BitTorrent Sync has some ciphering protocol or not, so in doubt I would make sure that you use VPN to secure it.

- fastfwd (Virtuoso): Note that BitTorrent Sync does not require a VPN for secure syncing of her files. You only need the VPN if you also want to provide her with direct access to the NAS as though she's connected to your home network.
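
Added example, not part of the original thread: a small model of the double-NAT chain from the question (Internet, NAT1, NAT2, NAS) that traces unsolicited inbound packets and reports which internal device each forwarding setup exposes. The device names, the rule tables and the ports (tcp/443 for ownCloud over HTTPS, udp/1194 as the OpenVPN default, tcp/445 for SMB) are assumptions chosen for illustration.

```python
# Constructed model of the thread's topology: Internet -> NAT1 (ISP) -> NAT2 (router) -> NAS.
# Device names, ports and forwarding rules are assumptions for illustration.

def trace(chain, proto, port):
    """Follow one unsolicited inbound packet; return (endpoint or None, path)."""
    path = []
    for i, nat in enumerate(chain):
        path.append(nat["name"])
        if (proto, port) in nat.get("listens", ()):
            return nat["name"], path      # service terminates on the NAT device itself
        rule = nat.get("forwards", {}).get((proto, port))
        if rule is None:
            return None, path             # no matching forward: dropped at this NAT
        dest, port = rule
        nxt = chain[i + 1]["name"] if i + 1 < len(chain) else None
        if dest != nxt:
            path.append(dest)
            return dest, path             # forwarded straight to a LAN host
    return None, path


def exposure(chain, probes):
    """Map each probed (proto, port) to the internal endpoint reachable from outside."""
    return {p: trace(chain, *p)[0] for p in probes}


PROBES = [("tcp", 443), ("udp", 1194), ("tcp", 445)]  # HTTPS, OpenVPN, SMB

# Option 2 from the post: ownCloud on the NAS, forwarded at both NATs.
OWNCLOUD = [
    {"name": "NAT1", "forwards": {("tcp", 443): ("NAT2", 443)}},
    {"name": "NAT2", "forwards": {("tcp", 443): ("NAS", 443)}},
]

# Option 3: OpenVPN server on the router (NAT2), a single forward at NAT1.
VPN = [
    {"name": "NAT1", "forwards": {("udp", 1194): ("NAT2", 1194)}},
    {"name": "NAT2", "listens": {("udp", 1194)}},
]

# Same VPN setup with the NAT1 forward missing.
VPN_NO_NAT1_FORWARD = [{"name": "NAT1"}, VPN[1]]

if __name__ == "__main__":
    for label, chain in (("ownCloud", OWNCLOUD), ("VPN", VPN),
                         ("VPN, no NAT1 forward", VPN_NO_NAT1_FORWARD)):
        print(label, exposure(chain, PROBES))
```

In this model the ownCloud setup delivers Internet traffic to the NAS itself, while the VPN setup stops at the router's OpenVPN listener and leaves SMB on the NAS unreachable from outside; without the NAT1 forward the VPN packet never gets past the ISP's NAT.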