- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Owncloud security.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Owncloud security.
Hello.
I'm really a novice when it comes to internet security. So i have some questions.
I have installed OwnCloud on my readynas ultra 4. I would like to know if im accessing it securely.
When im accessing my owncloud server i get a warning from google chrome that the web page is not secure/private because of the security certificate is not trusted. As i understand, this is normal because the nas uses a self signed certificate? But then google tels me that the encryption is SHA1, wich i understand is old and not secure. So here comes the question: Does this make my server voulnerable? Can i upgrade to SHA2 on my readynas to make it more secure?
In chrome web browser, I get a red line over https when accessing my owncloud on the nas, does this mean im not connected with ssl encryption?
I have serched around on the web and this forum, but did not find clear answers. Please redirect me if theese questions have been answered elswere on the forum 🙂
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Owncloud security.
It means that a hacker could potentially intercept your data transfer and decode it, including the user name/password for access. But that only gets him into OwnCloud, not the whole NAS unless you are sharing it via Owncloud.
But do you even have anything on your OwnCloud that would do you harm if a hacker got ahold of it? And what's the chance that a hacker will even care to try and access your OwnCoud?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Owncloud security.
Im only sharing OwnCloud. Im in the process of setting this up, so i have not anything on OwnCloud yet. But is there possible to uppgrade to SHA2 on the readynas to make the encryption more secure?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Owncloud security.
FWIW, the most recent estimate I've seen on the cloud computing cost of compromising an SHA-1 certificate is about $100,000.
That's certainly affordable if you are going after a commercial domain name. But I think it's enough to make it unlikely that attackers will target self-signed certs.
That said, Netgear should be generating SHA-2. SHA-1 deprecation has been in the works since 2014.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Owncloud security.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Owncloud security.
To be more precise, they should stop generating SHA-1.
There is no update available now that will do that. But as I tried to say before, the risk is minimal right now (unless an attacker is prepared to spend $100k to forge the certificate, and launch some form of man-in-the middle attack against you).