This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
Security of ReadyCLOUD vs. Offline, and mobile app
Hello --
I'm looking at buying a 204, 214 or 314 for basic storage use to start with but eventually getting into video streaming, surveilance, etc.. I'm always concerned with data security -- maybe too much so, admittedly -- so I'm seeking more information about how the system/software works. After researching the ReadyNAS info, manuals and forums quite extensively, I'm having difficulty finding specific answers to the following questions below.
-- Should I be concerned with the security of my data/photos using ReadyCLOUD, especially given the hack of Synology a while back? I've read in the manuals that no data is stored on ReadyCLOUD servers, but I'm curious as to how ReadyCLOUD can control data transfer on the ReadyNAS without accessing the data.
-- Will ReadyNAS be fully functional using ReadyCLOUD in the event that my internet service stops, as long as I maintain connectivity to my wi-fi network?
-- If I initially set up the ReadyNAS using ReadyCLOUD, can I then manually turn off ReadyCLOUD to use my ReadyNAS locally-only if I wish?
-- If using the Local Setup Wizard for offline-use only, is RAIDar or the PC app used as the primary software to operate ReadyNAS?
-- Does RAIDar have all of the same functionality as ReadyCLOUD?
-- Will the ReadyCLOUD mobile app still backup photos to the ReadyNAS directly via the wi-fi connection if the ReadyNAS is working in local-only (offline) mode? In other words, does the ReadyCLOUD mobile app connect directly to the ReadyNAS via the home wi-fi network, or are the photos sent via the internet to external Netgear ReadyCLOUD servers before being sent back to my ReadyNAS?
-- Does the automatic backup of photos from mobile devices using the mobile app require any action/steps other than turning on the mobile app?
-- What company provides the free anti-virus protection used on ReadyNAS? Is it possible to use protection from a different company?
-- Has ReadyNAS proven to work flawlessly with Windows 10 from initial setup onward?
Re: Security of ReadyCLOUD vs. Offline, and mobile app
Dear TJP8121,
Thank you for your interesting in NETGEAR ReadyNAS. I understand you have some concerns regarding the security of our ReadyCLOUD service. Let me answer your questions inline.
-- Should I be concerned with the security of my data/photos using ReadyCLOUD, especially given the hack of Synology a while back? I've read in the manuals that no data is stored on ReadyCLOUD servers, but I'm curious as to how ReadyCLOUD can control data transfer on the ReadyNAS without accessing the data.
The Synology attack was very alarming to the NAS community. It was very specific to their configuration. Our ReadyCLOUD service is designed proprietarily for keeping your data secure. It creates a client to box VPN connection from your PC or MAC to your NAS. The ReadyCLOUD service brokers the connection initially and authenticates the ReadyCLOUD Owner/User but that is the extent of the involvement from the service. If you view the data on your nas through the ReadyCLOUD portal site, the viewing of the data is metadata only so there is no actual upload of data to ReadyCLOUD.
-- Will ReadyNAS be fully functional using ReadyCLOUD in the event that my internet service stops, as long as I maintain connectivity to my wi-fi network?
In order for your NAS device to stay connected to ReadyCLOUD it will require that internet access be available to the NAS. There is a local admin page that can be access even when internet access is not available. You can share data through the chrome web browser to your NAS using the Admin page.
-- If I initially set up the ReadyNAS using ReadyCLOUD, can I then manually turn off ReadyCLOUD to use my ReadyNAS locally-only if I wish?
In short, Yes. ReadyCLOUD is not required to manage the NAS locally.
-- If using the Local Setup Wizard for offline-use only, is RAIDar or the PC app used as the primary software to operate ReadyNAS?
RAIDar would be recommended to discover the NAS on the network. It does have some administrative functions but its very minor. The only option for offline use is the local admin page.
-- Does RAIDar have all of the same functionality as ReadyCLOUD?
No, RAIDar has very basic set of controls such as: Browse to shares, Admin Page, Download Logs, Diagnostic, Restart.
-- Will the ReadyCLOUD mobile app still backup photos to the ReadyNAS directly via the wi-fi connection if the ReadyNAS is working in local-only (offline) mode? In other words, does the ReadyCLOUD mobile app connect directly to the ReadyNAS via the home wi-fi network, or are the photos sent via the internet to external Netgear ReadyCLOUD servers before being sent back to my ReadyNAS?
The mobile application will backup photos only if you are able to authenticate to the NAS through the ReadyCLOUD service. The service requires that you have an internet connection. If you do not have an internet connection to broker the connection to your NAS, the photos will cue up until it has a connection to broker a connection to the NAS.
-- Does the automatic backup of photos from mobile devices using the mobile app require any action/steps other than turning on the mobile app?
Yes you will need to specify the location you want to back up the photos too. Other than this initial configuration thats all that should be required.
-- What company provides the free anti-virus protection used on ReadyNAS? Is it possible to use protection from a different company?
Right now we use Commtouch, it is not possible to change vendors.
-- Has ReadyNAS proven to work flawlessly with Windows 10 from initial setup onward?
There was an issue with Windows 10 when it was first released and this has been resolved since. So far there are no reported issues directly for Windows 10 and our NAS devices.
Re: Security of ReadyCLOUD vs. Offline, and mobile app
Hi Alex
Are there any plans for Netgear to provide a security whitepaper? I think a lot of people here (especially business users) would find something like that very helpful.
Also, the readycloud web interface still uses unsecured http. That clearly is a security hole that should be fixed.
Are there any plans for Netgear to provide a security whitepaper? I think a lot of people here (especially business users) would find something like that very helpful.
Also, the readycloud web interface still uses unsecured http. That clearly is a security hole that should be fixed.
Hi Stephen,
I'm unaware if there is a security whitepaper in the works. This is something I think we can look into for the future. I also think it is a good idea.
ReadyCLOUD web interface authenticates through HTTPS, if you are remote to the NAS, any transfer to and from the NAS will be encrypted. If you are local to the NAS it transfer over HTTP. It is not a security "hole" as you put it, It is managed a bit different than you might be used to. Even though you see the connection to ReadyCLOUD as HTTP all remote communication to the NAS device will be HTTPS. In other words, the interface appears to show HTTP but the connection to the device is HTTPS encapsulated if client is remote to NAS network.
ReadyCLOUD web interface authenticates through HTTPS, if you are remote to the NAS, any transfer to and from the NAS will be encrypted. If you are local to the NAS it transfer over HTTP. It is not a security "hole" as you put it, It is managed a bit different than you might be used to. Even though you see the connection to ReadyCLOUD as HTTP all remote communication to the NAS device will be HTTPS. In other words, the interface appears to show HTTP but the connection to the device is HTTPS encapsulated if client is remote to NAS network.
If I don't have the ReadyCloud app installed on the PC, but am just using http://readycloud.netgear.com to access the files, am I still getting end-to-end encryption when I browse/download/upload files?
If so, that is very good to know (and would be a excellent aspect to point out in a whitepaper).
Re: Security of ReadyCLOUD vs. Offline, and mobile app
Stephen,
Yes, if you use the portal, you will be authenticated using HTTPS. If you interact with a NAS share via upload, download or viewing files, this will be encrypted if you are remote to the NAS network. If you are on the local network it will not be encrypted.
I've submitted the request to engineering. It has been picked up we will look to publish a security white paper in the future.
There is no current ETA, if I had to guess I would say sometime in March or April at the very latest.
Re: Security of ReadyCLOUD vs. Offline, and mobile app
Stephen,
I would like to also point out, that the ReadyCLOUD service is not set up for business use. The security that has been configured is for home or personal use cases.
I would like to also point out, that the ReadyCLOUD service is not set up for business use. The security that has been configured is for home or personal use cases.
I am seeing quite a few small business users who are using ReadyCLOUD here.
I'm a home user myself, but I have long wanted much more information on ReadyCLOUD security so I can make an informed decision about whether to use it or not. Not all NAS owners have the knowledge to make those assessments, but I think many can.
FWIW, I'm moving in a different direction (openvpn), in part because that information is simply not available.
