× NETGEAR will be terminating ReadyCLOUD service by July 1st, 2023. For more details click here.
Orbi WiFi 7 RBE973
Reply

Re: Owncloud security.

The_Garden_Snak
Aspirant

Owncloud security.

Hello.

 

I'm really a novice when it comes to internet security. So i have some questions.

I have installed OwnCloud on my readynas ultra 4. I would like to know if im accessing it securely.

When im accessing my owncloud server i  get a warning from google chrome that the web page is not secure/private because of the security certificate is not trusted. As i understand, this is normal because the nas uses a self signed certificate? But then google tels me that the encryption is SHA1, wich i understand is old and not secure. So here comes the question: Does this make my server voulnerable? Can i upgrade to SHA2 on my readynas to make it more secure?

In chrome web browser, I get a red line over https when accessing my owncloud on the nas, does this mean im not connected with ssl encryption?

 

I have serched around on the web and this forum, but did not find clear answers. Please redirect me if theese questions have been answered elswere on the forum 🙂

Message 1 of 6
Sandshark
Sensei

Re: Owncloud security.

It means that a hacker could potentially intercept your data transfer and decode it, including the user name/password for access.  But that only gets him into OwnCloud, not the whole NAS unless you are sharing it via Owncloud.

 

But do you even have anything on your OwnCloud that would do you harm if a hacker got ahold of it?  And what's the chance that a hacker will even care to try and access your OwnCoud?

Message 2 of 6
The_Garden_Snak
Aspirant

Re: Owncloud security.

Im only sharing OwnCloud. Im in the process of setting this up, so i have not anything on OwnCloud yet. But is there possible to uppgrade to SHA2 on the readynas to make the encryption more secure?

Message 3 of 6
StephenB
Guru

Re: Owncloud security.

FWIW, the most recent estimate I've seen on the cloud computing cost of compromising an SHA-1 certificate is about $100,000.

 

That's certainly affordable if you are going after a commercial domain name.  But I think it's enough to make it unlikely that attackers will target self-signed certs.

 

That said, Netgear should be generating SHA-2.  SHA-1 deprecation has been in the works since 2014.

Message 4 of 6
The_Garden_Snak
Aspirant

Re: Owncloud security.

When you say should, does thay mean they dont generate sha2? Or can i upgrade my readynas in a way?
Message 5 of 6
StephenB
Guru

Re: Owncloud security.

To be more precise, they should stop generating SHA-1.  

 

There is no update available now that will do that.  But as I tried to say before, the risk is minimal right now (unless an attacker is prepared to spend $100k to forge the certificate, and launch some form of man-in-the middle attack against you).

Message 6 of 6
Top Contributors
Discussion stats
  • 5 replies
  • 2370 views
  • 0 kudos
  • 3 in conversation
Announcements