× NETGEAR will be terminating ReadyCLOUD service by July 1st, 2023. For more details click here.
Orbi WiFi 7 RBE973
Reply

Help with SECURE access

Pistolpete11
Aspirant

Help with SECURE access

Help please - in simple steps. I have tried reading a lot of the forum points, but they don't address the issues in full for me.

I have been reading on the BBC website about how they reckon people have too open access to NAS and to lock it down. I can't go to the extreme they suggest of only internal access, but I would like to be more secure. I have tried messing about with the settings but this has led to a mish mash of results.

My needs:-
1. Access the NAS (read/write) from two PC's, an iPad and an iPhone within the house.
- when I switched off Guest or Anonymous, I hit issues as it appears to be inconsistent if it asks for a User. Also, when I put guest back in, I now cannot write (edit) Music tracks
on my NAS from iTunes). Do I need to allow access to CIFS and FTP and/or others?
2. Away from the home, I want to be able to access my NAS from my iPhone, my iPad and my Work Laptop - but restrict it so that only these machines or named users
can do this - I seemd to get this to work on my Work PC and iPad but the iPhone didn't like it. However, this didn't work on my Home PC as said above.
3. ReadyNAS Vault still needs it's access for continual backup.
4. Basically - I want to be able to do this without opening up more that I have to or username/password protecting.

I am on an older NAs (ReadyNAS Duo V2 - I think it is SPARC) so using RAIDiator 4.1.13

Please don't just say you need to configyure X on Y as I may need the instruction on how to configure or where to find that.
My PC is Win XP (yes, I now), my Work Laptop is Win 7. I also connect with a Win 8 laptop for backing up
Message 1 of 20
StephenB
Guru

Re: Help with SECURE access

You have a duo v1 (which is a sparc). duo v2 would be arm.

Start with getting the LAN to work correctly first.

You need CIFS for the two pcs. You can certainly turn off guest access. Create a user account for the PCs to use on the NAS with a password, and then go into the control panel in Windows 7, and run the Windows Credential Manager. Add a "windows credential" for the NAS, using the Nas Name, and user/pass you created on the NAS. Search for "windows credentials manager" for XP and win 8, there is a way to enter those credentials on those OS also.

Then go into frontview (the web ui), and select CIFS icon next to each share in the share listing. Then select the "advanced options" tab on the top right. Enter the username you created, and then the group that user was in (likely "USER"). Select "disabled" for "folder everyone rights". Then check the box next to "Set ownership and permission for existing files and folders..." and click apply on the bottom right.

Wait for the pop to complete, and then see if you can access that share.

How are you accessing the NAS from your iphone and ipad today? ReadyRemote? Or some other way?
Message 2 of 20
Pistolpete11
Aspirant

Re: Help with SECURE access

This looks very clear, so thank you for that. It may take me a night or two to get the time to try on all machines.

With the iPad and iPhone, I use ReadyNAS Remote
Message 3 of 20
StephenB
Guru

Re: Help with SECURE access

Ok. There is no reason to change that setup.

You could also use ReadyNAS Remote for the work laptop, or set up ftps. We can circle back to that after you get the LAN working.
Message 4 of 20
Pistolpete11
Aspirant

Re: Help with SECURE access

Limited success so far. Having done what (I think) you meant, at home I can access the NAS using CIFS on my iPad. My XP machine now does not have the required access and iTunes doesn't see the music files on the NAS. This is quite crucial.

For my iPad, I also had Remote working previously, but as you have not yet suggested that part of the setup, I will await that. For my work PC, I was previously using Remote so happy to continue with that.

For the XP machine, I have created the credentials as User Accounts as I think that is the equivalent. This may be my issue?
Message 5 of 20
StephenB
Guru

Re: Help with SECURE access

The credentials should be in User accounts (though I no longer run XP...)

Try opening a CMD window (dos box) and enter

net use * /delete
net use z : \\nasname\sharename /user:username
where
nasname = name of the NAS
sharename = NAS share
username = user credential you entered for NAS

It should prompt you for a password.

If it succeeds, it will map the Z drive letter to the share. If it fails, post the error here.
Message 6 of 20
Pistolpete11
Aspirant

Re: Help with SECURE access

If you are online now, it would be great. NASname seems to be the issue. When I try the cod you suggest, I get System Error 67. the network name cannot be found.
I have tried the name that I see, and IP address to no avail
Message 7 of 20
Pistolpete11
Aspirant

Re: Help with SECURE access

OK, hold the bus. I went back through and tidied it up and I can now use File Browser on my iPad, Windows Explorer on Xp and iTunes with full write access. The part about net use still doesn't work, but does that matter now?

Nothing on the Remote side is working yet, so if you can move on to that I would appreciate it.
Also, I need to be sure that the ReadyNas Vault will still have the necessary access
Message 8 of 20
StephenB
Guru

Re: Help with SECURE access

Well, net use should work, but if you are browsing the NAS with windows file explorer it doesn't matter.

Are you saying ReadyNAS remote is not working any more?
Message 9 of 20
Pistolpete11
Aspirant

Re: Help with SECURE access

Correct. Both my iPhone & IPad get the same result - it appears to connect ok in terms of user name, but does not offer up any shares
Message 10 of 20
StephenB
Guru

Re: Help with SECURE access

What about the work PC?
Message 11 of 20
Pistolpete11
Aspirant

Re: Help with SECURE access

In terms of 'net use' I think the problem is not using the correct Nasname. I've tried everything I could find - is there a definitive place to take it from
Message 12 of 20
Pistolpete11
Aspirant

Re: Help with SECURE access

The work PC had the same issue - I think. As I didn't have the LAN bit working I didn't try too hard. Will try that when I am back in tomorrow
Message 13 of 20
StephenB
Guru

Re: Help with SECURE access

Pistolpete wrote:
In terms of 'net use' I think the problem is not using the correct Nasname. I've tried everything I could find - is there a definitive place to take it from
It should be the name you configured in network interfaces (global settings).

You precede that name with a \\.
Message 14 of 20
Pistolpete11
Aspirant

Re: Help with SECURE access

That is the main one I tried, with no joy. As that side is working maybe best to forget about it and concentrate onRemote & Vault.
Message 15 of 20
Pistolpete11
Aspirant

Re: Help with SECURE access

Update:
I have tried Remote at work on my Work PC and my iPhone.
The iPhone is as it was at home - it seems to sign on OK, but doesn't show any shared folders or files

My Work PC allows me to log in and brings up the NAS in Explorer. When I double click on that it asks for a Username and Password (on my Work domain). I tried adding in the details on Credential Manager with no effect.

I seem to recall that people only got this working by making one of the access tools e.g. CIFS or AFP or FTP to be guest or anonymous. It would not be good if this is the case but I can't see what else to change.
Message 16 of 20
StephenB
Guru

Re: Help with SECURE access

I think your issue is because Remote's usernames don't exist on the NAS. (That is assuming the username you are using is in the Remote "allowed" list). OS6 is a bit different than OS4 on this, perhaps an OS4 remote user will chime in.

Your other option is to use FTPS - which uses an encrypted connection. GoodReader supports it on the iDevices, and FileZilla (among other clients) support it on the PC. This is how I access my files remotely.

You do need to forward about 5 ports to the NAS (one for the control connection, the rest for passive ports). The duo has no option in the GUI to force FTPS, so it will accept normal unencrypted FTP connections. However, if you use FTPS in all your devices, your username/password will not be observable over the network, so if you have a strong password (for both admin and your username) you would still be quite secure. You'd also want a ddns name (noip still offers free ones).

Though many home users are fine with anonymous/guest access on their local LAN, since they are depending on their router and WiFi security (taking a hard edges/soft center approach to security). You were pretty clear that you didn't want that, but it is a viable option if you aren't sharing your network with others.
Message 17 of 20
Pistolpete11
Aspirant

Re: Help with SECURE access

OK, I get that. So I could use guest/anonymous and it will probably work - but I am talking of outside my LAN so I would be opening up the security if I use it. I might try going to guest just to see if it works and then turn it off and investigate alternatives. Yours is one, and I've also just found out about Readycloud, so I'll look and see if that works. I do have ReadyNAS Vault (assuming it is still working) but and I can acces that, but I found Remote much faster and gives me better access.

Thank you very much for you help - it has got my LAN part working and I am clear on this.
Message 18 of 20
StephenB
Guru

Re: Help with SECURE access

The new ReadyCloud stuff is OS6 only.

As far as enabling guest/anonymous goes, if you are using ReadyNAS remote, you still need to log in with the correct username/password. If that is the only way you are accessing the NAS remotely, then it remains secure as long as the ReadyNAS Remote username/password is not compromised.

Local access would be open, but that is only an issue if (a) there are other users on the LAN that you don't want accessing the share or (b) if your router/wifi security were compromised.
Message 19 of 20
Pistolpete11
Aspirant

Re: Help with SECURE access

Ah! the problems of modern technology - within no time at all you are left behind as new versions and new features are not backward compatible even though the kit works fine. I hate to throw away good kit be it my NAS V1 or my iPhone 4 (now sidelined by iOS8).

I'll just have to soldier on.
Message 20 of 20
Top Contributors
Discussion stats
  • 19 replies
  • 2031 views
  • 0 kudos
  • 2 in conversation
Announcements