Hello,
I am a little concerned about the security of my NAS even though I have taken every precaution possible, such as, disabled default admin account, no ports forwarded, disabled UPNP on router/NAS and change default NAS port. The only thing that I use my NAS for to save family photos/videos and occasionally I backup those files using HBS to my Backblaze B2 account. Would it make sense to just leave the Ethernet cable disconnected until I need to use it via Plex, download updates, or HBS? I have even heard that HBS is not even secure, so I am thinking of installing another syncing option that is available on Qnap Club.
Thank you for any advice!
Disconnecting Ethernet From NAS And Only Connecting To Update
-
- Starting out
- Posts: 33
- Joined: Tue May 19, 2020 2:44 pm
- dolbyman
- Guru
- Posts: 35275
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Disconnecting Ethernet From NAS And Only Connecting To Update
no...not exposing your NAS to WAN (upnp or manual port forwards) is already very good security for the NAS itself(changed admin, 2FA, is proven to be smoke and mirrors).of course you need to have a backup strategy in place for the NAS..a RAID is NOT a backup
-
- Starting out
- Posts: 33
- Joined: Tue May 19, 2020 2:44 pm
Re: Disconnecting Ethernet From NAS And Only Connecting To Update
Thank you. I only have 1 HDD installed currently, but I am working on adding another so that I can setup RAID. I am also using Backblaze B2 in case my NAS is ever compromised and I only use that as a one way sync from my NAS to the Backblaze server and it only initializes when I tell it to, so that I don't transfer any corrupted files in case I am ever infected.
- dolbyman
- Guru
- Posts: 35275
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Disconnecting Ethernet From NAS And Only Connecting To Update
well backups that are only done on demand, tend to be forgotten
not sure about backblaze but many file based cloud storage services keep internal history/snapshots in case of accidental or deliberate file alteration
not sure about backblaze but many file based cloud storage services keep internal history/snapshots in case of accidental or deliberate file alteration
-
- Experience counts
- Posts: 1827
- Joined: Tue May 29, 2018 3:02 am
- Location: Ottawa, Ontario, Canada
Re: Disconnecting Ethernet From NAS And Only Connecting To Update
Ot really comes down to how important is the data **TO YOU**. Only you can determine the number and types of redundancy, automated backups, manual backups, cloud syncs etc give YOU enough protection to recover.
I use a hybrid approach not by device, but for the data. For my critical files I run on raid for drive redundancy, then have a love sync to another NAS for hardware redundancy. I then stage backups to the cloud and to 2 further sets of backups or other NAS boxes. I also have a unit I power up once a week for a manual copy and a couple dozen USB drives for storage in safety deposit boxes for long term archiving.
Other data simply gets copied once a night to another volume set.
Much more data falls somewhere between these options.
Rather than just unplugging the Ethernet cable as you suggested, if you that manual strategy as part of your "solution", I find it wise to actually power down the unit and unplug the power brick (for those models that have one) as finding a replacement power brick can be a super big challenge. Slightly longer delay when running the manual backup as plugging in the Ethernet cable is faster than a full boot but gives me a (perhaps false) greater sense of security.
You seem to have taken the basic steps to protect against the majority of threats, but there are always more and newer one lurking. So far the big hits have been for direct attacks but it wouldn't surprise me to see a compromised PC or router used as a vector in the future.
I use a hybrid approach not by device, but for the data. For my critical files I run on raid for drive redundancy, then have a love sync to another NAS for hardware redundancy. I then stage backups to the cloud and to 2 further sets of backups or other NAS boxes. I also have a unit I power up once a week for a manual copy and a couple dozen USB drives for storage in safety deposit boxes for long term archiving.
Other data simply gets copied once a night to another volume set.
Much more data falls somewhere between these options.
Rather than just unplugging the Ethernet cable as you suggested, if you that manual strategy as part of your "solution", I find it wise to actually power down the unit and unplug the power brick (for those models that have one) as finding a replacement power brick can be a super big challenge. Slightly longer delay when running the manual backup as plugging in the Ethernet cable is faster than a full boot but gives me a (perhaps false) greater sense of security.
You seem to have taken the basic steps to protect against the majority of threats, but there are always more and newer one lurking. So far the big hits have been for direct attacks but it wouldn't surprise me to see a compromised PC or router used as a vector in the future.
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]