How can I make my server more secure?

Hello everyone,
so, I am trying to think of ways to make my NSA325v2 servers more secure.
I was thinking of using FTP and disabling Samba, NFS, all other file sharing methods.

Now I was wondering, if I could make the whole system even more secure by formatting my drives with NTFS or ext4 myself. If I am not mistaken, the NAS will not recognize those drives without me mounting them as JBOD. So the system should not be able to access them on a WebUI level. So it will not be able to grant access to anything through the built-in functions.

But since it is a Linux based system, on a system level, the drives should be mounted, correct? Or at least manually mountable. And then I could run VSFTP as a service.

Would this be possible? Or will this fail for a specific reason?

Curious to hear what your thoughts are on this and whether you can think of a different/better approach :)

Best regards

All Replies

  • Mijzelf
    Mijzelf Posts: 2,351
    100 Answers 1000 Comments Friend Collector Fifth Anniversary
     Guru Member
    I'm not sure if the 325 can mount ext4, and mounting ntfs will have a performance impact. Further it is possible that the firmware will 'dive on' a disk as soon as you have mounted it. I've seen that when I manually mounted some disk, it became auto shared. (And hard to unmount). Not always, and I don't know what triggered the firmware.

    When you want to basically ditch all firmware stuff, why wouldn't you install an alternative OS like OpenWRT , Debian or Arch? In that case you don't have to struggle with unwanted features. Just don't install them.

  • AleXSR
    AleXSR Posts: 14
    First Comment
    I was not even aware that OpenWRT was available for my NAS. Can I flash back to stock firmware/OS if it turns out to be a poor decision?
  • Mijzelf
    Mijzelf Posts: 2,351
    100 Answers 1000 Comments Friend Collector Fifth Anniversary
     Guru Member
    Can I flash back to stock firmware/OS

    Theoretically yes. But of course ZyXEL doesn't give any support for that. It should be enough to put back the original u-boot and it's environment, upload the right uImage over tftp, and boot the box with a firmware upgrade usb stick inserted. OpenWrt replaces u-boot, and I don't know if that still can boot the old ZyXEL kernel, so if you want to be able to go back, at least backup the bootloader and it's environment.

Consumer Product Help Center