DisNASter
Oct 23, 2018, Aspirant
Lost contact with NAS after upgrading Windows 10
I have recently upgraded Windows 10 on my computer and after the upgrade I appear to have lost contact with the NAS. When I click "Browse" in RAIDar I get the following error message (translated to E...
- Oct 24, 2018
Options include
- Installing the SMB 1.0 client on your Windows system. You do this by going into "Turn Windows features on or off".
- Installing the NFS client in Windows and enabling NFS on the NAS.
- Converting your NAS to run OS-6. This is unsupported by Netgear, but would give you SMB 3.0.
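For the first option, the following is an added example (not part of the original post) that enables only the SMB1 client component from an elevated PowerShell session, keeps the SMB1 server component off, and reports which dialect each open connection negotiated. The host name `NAS-PLACEHOLDER` and the function names are assumptions made for illustration.

```powershell
# Added example, not from the thread. Run elevated on Windows 10 1709 or later.
$NasName = 'NAS-PLACEHOLDER'   # assumption: replace with your NAS host name

function Get-Smb1FeatureState {
    # Show the state of the SMB1 parent, client and server optional features.
    Get-WindowsOptionalFeature -Online |
        Where-Object FeatureName -like 'SMB1Protocol*' |
        Select-Object FeatureName, State
}

function Enable-Smb1ClientOnly {
    # Enable only the client half, which is all that is needed to reach the NAS.
    Enable-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol-Client' `
        -All -NoRestart | Out-Null

    # The PC itself should not serve SMB1 shares: make sure the server half is off.
    $server = Get-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol-Server'
    if ($server.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol-Server' `
            -NoRestart | Out-Null
    }
}

function Get-SmbDialectReport {
    # List open SMB connections and flag those that fell back to an SMB1 dialect.
    Get-SmbConnection -ErrorAction SilentlyContinue |
        Select-Object ServerName, ShareName, Dialect,
            @{ Name = 'IsSmb1';   Expression = { $_.Dialect -like '1.*' } },
            @{ Name = 'IsTheNas'; Expression = { $_.ServerName -eq $NasName } }
}

Get-Smb1FeatureState      # before
Enable-Smb1ClientOnly
Get-Smb1FeatureState      # after: client enabled, server disabled

# After a reboot, browse to the NAS share, then check the report:
# only the row for $NasName should show IsSmb1 = True.
Get-SmbDialectReport
```

Any other server that shows `IsSmb1 = True` in the report is worth investigating, since modern Windows and Samba hosts negotiate SMB2 or later.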
DisNASter
Oct 24, 2018, Aspirant
As I feared, the solution was somewhat above my technical level. I suppose there's no simple way to upgrade the existing system to handle SMB2?
StephenB
Oct 24, 2018, Guru - Experienced User
DisNASter wrote:
As I feared, the solution was somewhat above my technical level. I suppose there's no simple way to upgrade the existing system to handle SMB2?
The NAS does have an experimental flag that enabled an early implementation of SMB2. You'd need to use ssh and the Linux command line to turn that flag on.
The concerns over SMB1 are more critical for enterprises than they are for home networks. I suggest just installing the SMB1 client for now. Later on you could upgrade to a newer NAS (which would also have up-to-date security patches), and then re-purpose your current NAS as a backup NAS.
- DisNASter, Oct 24, 2018, Aspirant
I’m considering the option to upgrade to OS 6, since it only involves changes in the NAS, and in hope that it might extend the life expectancy of the NAS. Is it possible that someone has saved the content of the “specifics” from netgear.nas-central.org/wiki/Con ... ReadyNASOS? I could do with some more detailed instructions.
- mdgm, Oct 25, 2018, Virtuoso
The specifics on the NAS central page were gleaned from the community such as pages linked to above.
Basically
Backup data
Verify backup is good
Install Prep Add-On via Add-Ons > Add New in web admin GUI.
Install R4toR6 firmware image via System > Update > Local. You will be prompted to reboot and you should accept this.
After the system reboots itself a few times or so the Prep add-on will cause the system to automatically do a factory reset (wipes all data, settings, everything).
If you had not installed the Prep add-on the system would come up eventually in a broken state and you’d need to do a manual factory reset using the boot menu to get things working. On some systems the boot menu isn’t easy to use and it does require physical access to the device (not practical if you are a very long drive, or a flight or more away from the unit).
BIOS Upgrades (mentioned in some threads) are optional. It’s easier to install it whilst still on RAIDiator-x86-4.2.x but do note that if power is disconnected/fails during a BIOS update the system will be bricked.
- schumaku, Oct 30, 2018, Guru - Experienced User
StephenB wrote:
The concerns over SMB1 are more critical for enterprises than they are for home networks. I suggest just installing the SMB1 client for now. Later on you could upgrade to a newer NAS (which would also have up to date security patches), and then re-purpose your current NAS as a backup NAS.
Dear Stephen,
Curiosity question: Are there patches or firmware updates available for these legacy NAS addressing the SAMBA vulnerabilities which caused the security warnings? All the SAMBA SMB 1.0/CIFS fixes and back-ports are available for a longer time, since about the vulnerability warnings.
If not - I'm afraid I can't back the idea of continuing to use these legacy NAS models. And here the Microsoft warning from "SMBv1 is not installed by default in Windows 10 Fall Creators Update and Windows Server, version 1709 and later versions" would apply:
"Important We strongly recommend that you do not reinstall SMBv1. This is because this older protocol has known security issues regarding ransomware and other malware."
Note that other major vendors have backported or updated SAMBA to non-vulnerable SMB 1.0/CIFS implementations for NAS models that are many years or even a decade old.
-Kurt.
- StephenB, Oct 31, 2018, Guru - Experienced User
Certainly there are multiple views on the security aspects, but this is how I see it.
There are other insecure protocols that are commonly deployed on both home networks and enterprise networks. FTP, NFS and even RSYNC are some examples. These are just as problematic as SMB 1.0 - they simply aren't targeted as much by ransomware.
And using SMB 3.0 (or more generally user authentication and encryption) doesn't eliminate the threat, it just makes it a bit easier for the attacker. If your home PCs all have write access to the NAS (using saved credentials), then using SMB 3.0 doesn't provide any additional protection at all. Since that's generally the case for home users, I don't see much additional risk in enabling the SMB 1 client on home networks. Enterprises are a different matter, since most user PCs don't have credentials to all of the on-line storage. And SMB should be disabled on public networks (for instance hot spots).
Since disabling SMB 1.0 doesn't mitigate the threat, you still need to account for ransomware attacks in your backup plan and your network security. Anti-malware software on the PCs can help. Disaster recovery is also part of it. Many Cloud backup providers have ransomware detection, and even if they miss it they generally should have enough retention to allow you to roll back to before the attack. Off-site backups are another approach. I've chosen to disable SMB altogether on backup NAS (including my legacy NAS - which are used as tertiary backups) - they only have rsync enabled. If I see the ransomware attack in time, I can disable the backup jobs on those NAS, and that gives me an additional recovery option (likely quicker than recovering everything from the cloud).
schumaku wrote:
Curiosity question: Are there patches or firmware updates available for these legacy NAS addressing the SAMBA vulnerabilities which caused the security warnings? All the SAMBA SMB 1.0/CIFS fixes and back-ports are available for a longer time, since about the vulnerability warnings.
ReadyNAS 4.1.16, 4.2.31 and 5.3.13 were all released on May 30th, 2017, and in all cases the only change was a backport fix for CVE-2017-7494 (https://kb.netgear.com/000038792/RAIDiator-Version-4-1-16-Sparc). This is sometimes called "SambaCry" because it is a similar vulnerability to the one exploited by WannaCry.
So Netgear was backporting Samba fixes before they closed down software on the legacy NAS. They haven't released any firmware since then, and since they've already publicly announced that there will be no more updates I don't expect that to change.
FWIW, SMB isn't the only concern with legacy NAS. There are plenty of other security updates (ssl, apache, etc) that require backporting since the older Linux builds are no longer being updated. Backports for Samba wouldn't be enough. Basically it's a bad idea to forward ports to these devices; I don't think it's safe to allow inbound access over the internet.