NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Readynas Pro 4 - undo password recovery?
Hi All,
I didn't know my password anymore, so i started 192.168.xx/password_recovery, it says "succes, mail is send" -> but no mail is send.
I read this topic: https://community.netgear.com/t5/Us...
Alfnie wrote:Im not very comfortable with doing OS reinstall without having a proper back up of the data (that is what im doing right now).
It is best to have a backup, so I agree that's worth doing.
Alfnie wrote:
I was wondering, why can you Reset the Admin password with OS reinstall?
Is it true that when the ReadyNAS gets stolen, the thief can simply OS reinstall and access your data?
Note I don't work for Netgear. I'm thinking the feature is there because many people do lose the password - so it is a balance between security and potentially losing your data.
If the NAS is stolen, then it is true that the thief can do the OS reinstall. A thief can also access the data without the admin data in several other ways:
- Just boot the NAS and attempt to access the shares over the network
- Recover the data from nearby (perhaps connected) USB backup disks
- boot the NAS in tech support mode and manually mount the data volume
- Remove the disks and either mount the data volume in a linux PC or use RAID recovery software
Alfnie wrote:
If yes, how can one prevent having others access to the data? What kind of security is required?
You can attempt to physically lock it down somehow.
OS 6 systems support disk encryption, though the encryption key needs to be stored on a USB key. But if that is stolen with the NAS, then of course the data can still be accessed (and if it is secured separately from the NAS, it needs to be put back into the NAS every time you boot it). Your Pro can can be converted to OS-6 if you want - Netgear doesn't support that, but many users have done it.
Another approach is to store particularly sensitive data in an encrypted container. For instance, an encrypted ZIP file or an encrypted iSCSI LUN. Since the decryption is done in the client devices, the containers (including backups) are secure no matter what happens to the NAS. Of course you'd want to use good practices on the encryption keys (strong password, etc).
Alfnie wrote:Im not very comfortable with doing OS reinstall without having a proper back up of the data (that is what im doing right now).
It is best to have a backup, so I agree that's worth doing.
Alfnie wrote:
I was wondering, why can you Reset the Admin password with OS reinstall?
Is it true that when the ReadyNAS gets stolen, the thief can simply OS reinstall and access your data?
Note I don't work for Netgear. I'm thinking the feature is there because many people do lose the password - so it is a balance between security and potentially losing your data.
If the NAS is stolen, then it is true that the thief can do the OS reinstall. A thief can also access the data without the admin data in several other ways:
- Just boot the NAS and attempt to access the shares over the network
- Recover the data from nearby (perhaps connected) USB backup disks
- boot the NAS in tech support mode and manually mount the data volume
- Remove the disks and either mount the data volume in a linux PC or use RAID recovery software
Alfnie wrote:
If yes, how can one prevent having others access to the data? What kind of security is required?
You can attempt to physically lock it down somehow.
OS 6 systems support disk encryption, though the encryption key needs to be stored on a USB key. But if that is stolen with the NAS, then of course the data can still be accessed (and if it is secured separately from the NAS, it needs to be put back into the NAS every time you boot it). Your Pro can can be converted to OS-6 if you want - Netgear doesn't support that, but many users have done it.
Another approach is to store particularly sensitive data in an encrypted container. For instance, an encrypted ZIP file or an encrypted iSCSI LUN. Since the decryption is done in the client devices, the containers (including backups) are secure no matter what happens to the NAS. Of course you'd want to use good practices on the encryption keys (strong password, etc).
I use a VeraCrypt volume for sensitive data. Note that you need to turn Strick Sync off for the share contaiing the Veracrypt volume or it will severly slow down writing to it.
Sandshark wrote:
I use a VeraCrypt volume for sensitive data. Note that you need to turn Strick Sync off for the share contaiing the Veracrypt volume or it will severely slow down writing to it.
I want to ensure access when I'm away from home (and not internet connected), so I keep mine in an encrypted Microsoft VHD (virtual disk) on my laptop. It's backed up to the ReadyNAS as part of the normal PC backup schedule. The VHD isn't normally mounted, and the password isn't saved on the PC.
But VeraCrypt supports multiple users, which is nice. Something to look into this year :smileyhappy:
Yes, but BitLocker is only available on Home and Enterprise versions of Windows, whereas VeraCrypt is avalaible on all Windows versions, Macintosh, and Linux.
Yes, multiple users can access a Veracrypt volume as long as all users mount it in read-only mode.
Sandshark wrote:
Yes, multiple users can access a Veracrypt volume as long as all users mount it in read-only mode.
Good to know. That might also be true with the vhd, I've never tried it.
Getting back to security - using an encrypted container (whatever flavor) protects the data from someone who gets physical access to the NAS (or its disks). It also protects the data from access over the network when the decryption is done in the client PC. Of course the protection depends on the password strength, and you do need to pay attention to announcements about vulnerabilities.
However, this approach won't help you if someone can compromise the PC that is accessing the container. For instance, if a hacker puts a keylogger on the PC, the hacker can see how you access the container (including the password). And the hacker could directly access the data when the encrypted volume is mounted on the client PC.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
