NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
SMB access versus Ransomware
So far I have received three different answers from the Netgear CSR folks. I would appreciate some views from this forum. We have a variety of information that is located on a very large sta...
Thanks StephenB for taking the time to respond. Your view is always appreciated.
I failed to elucide the fact all other data has snapshots for the express purpose of data protection.
As we develop our new plan the idea of non-SMB access apealed to me.
A brute force attack from a local intranet source is a posibility -- I complained about this over six years ago and offered possible suggestions but Netgear refuses to allow the deletion of the admin account. That said, we have disabled the "admin" account on all systems and are using much stronger usernames and passwords -- essentially expotentially increasing the time required for a brute force attack. I would be nice to have a timeout period after 10 or so rejected logons to slow the brute force attack to an impossibly long timeframe. Hint, hint -- possible suggestion?
You mentioned that the Ransomware could reach through the admin's PC -- how would that work?
"If you were hit with ransomware, you'd be dealing with a lot of other issues" is an understatement. I was just wondering about the static information since it did not seem useful to bother to try and reconstruct from a backup -- we would sendout another drive to the site.
Thanks StephenB for taking the time to respond. Your view is always appreciated.
I failed to elucide the fact all other data has snapshots for the express purpose of data protection.
As we develop our new plan the idea of non-SMB access apealed to me.
A brute force attack from a local intranet source is a posibility -- I complained about this over six years ago and offered possible suggestions but Netgear refuses to allow the deletion of the admin account. That said, we have disabled the "admin" account on all systems and are using much stronger usernames and passwords -- essentially expotentially increasing the time required for a brute force attack. I would be nice to have a timeout period after 10 or so rejected logons to slow the brute force attack to an impossibly long timeframe. Hint, hint -- possible suggestion?
You mentioned that the Ransomware could reach through the admin's PC -- how would that work?
"If you were hit with ransomware, you'd be dealing with a lot of other issues" is an understatement. I was just wondering about the static information since it did not seem useful to bother to try and reconstruct from a backup -- we would sendout another drive to the site.
Digital999 wrote:
You mentioned that the Ransomware could reach through the admin's PC -- how would that work?
If the admin browsed to the NAS share using the admin account credentials, then the PC would have write access to the share. Of course if Windows saved the password, then that access would be persistent. Ransomware on that PC would have full access to the share.
Digital999 wrote:
It would be nice to have a timeout period after 10 or so rejected logons to slow the brute force attack to an impossibly long timeframe.
Seems to me that you suggested that a couple of years ago here: https://community.netgear.com/t5/ReadyNAS-Idea-Exchange/Security-Flaw-a-recommendation-for-some-relief/idi-p/1241390
I voted for that idea btw.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
