How can I make my server more secure?
AleXSR
Posts: 14
Hello everyone,
so, I am trying to think of ways to make my NSA325v2 servers more secure.
I was thinking of using FTP and disabling Samba, NFS, all other file sharing methods.
Now I was wondering, if I could make the whole system even more secure by formatting my drives with NTFS or ext4 myself. If I am not mistaken, the NAS will not recognize those drives without me mounting them as JBOD. So the system should not be able to access them on a WebUI level. So it will not be able to grant access to anything through the built-in functions.
But since it is a Linux based system, on a system level, the drives should be mounted, correct? Or at least manually mountable. And then I could run VSFTP as a service.
Would this be possible? Or will this fail for a specific reason?
Curious to hear what your thoughts are on this and whether you can think of a different/better approach 
Best regards
Alex
0
All Replies
-
I'm not sure if the 325 can mount ext4, and mounting ntfs will have a performance impact. Further it is possible that the firmware will 'dive on' a disk as soon as you have mounted it. I've seen that when I manually mounted some disk, it became auto shared. (And hard to unmount). Not always, and I don't know what triggered the firmware.When you want to basically ditch all firmware stuff, why wouldn't you install an alternative OS like OpenWRT , Debian or Arch? In that case you don't have to struggle with unwanted features. Just don't install them.
0 -
I was not even aware that OpenWRT was available for my NAS. Can I flash back to stock firmware/OS if it turns out to be a poor decision?
0 -
Can I flash back to stock firmware/OS
Theoretically yes. But of course ZyXEL doesn't give any support for that. It should be enough to put back the original u-boot and it's environment, upload the right uImage over tftp, and boot the box with a firmware upgrade usb stick inserted. OpenWrt replaces u-boot, and I don't know if that still can boot the old ZyXEL kernel, so if you want to be able to go back, at least backup the bootloader and it's environment.
0
Guru MemberCategories
- 8.5K All Categories
- 1.6K Nebula
- 72 Nebula Ideas
- 57 Nebula Status and Incidents
- 4.5K Security
- 227 Security Ideas
- 983 Switch
- 46 Switch Ideas
- 881 WirelessLAN
- 24 WLAN Ideas
- 5.1K Consumer Product
- 158 Service & License
- 280 News and Release
- 61 Security Advisories
- 13 Education Center
- 581 FAQ
- 263 Nebula FAQ
- 160 Security FAQ
- 76 Switch FAQ
- 75 WirelessLAN FAQ
- 7 Consumer Product FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 62 About Community
- 46 Security Highlight
Consumer Product Help Center
FAQ