How can I make my server more secure?
AleXSR
Posts: 14
Hello everyone,
so, I am trying to think of ways to make my NSA325v2 servers more secure.
I was thinking of using FTP and disabling Samba, NFS, all other file sharing methods.
Now I was wondering, if I could make the whole system even more secure by formatting my drives with NTFS or ext4 myself. If I am not mistaken, the NAS will not recognize those drives without me mounting them as JBOD. So the system should not be able to access them on a WebUI level. So it will not be able to grant access to anything through the built-in functions.
But since it is a Linux based system, on a system level, the drives should be mounted, correct? Or at least manually mountable. And then I could run VSFTP as a service.
Would this be possible? Or will this fail for a specific reason?
Curious to hear what your thoughts are on this and whether you can think of a different/better approach 
Best regards
Alex
0
All Replies
-
I'm not sure if the 325 can mount ext4, and mounting ntfs will have a performance impact. Further it is possible that the firmware will 'dive on' a disk as soon as you have mounted it. I've seen that when I manually mounted some disk, it became auto shared. (And hard to unmount). Not always, and I don't know what triggered the firmware.When you want to basically ditch all firmware stuff, why wouldn't you install an alternative OS like OpenWRT , Debian or Arch? In that case you don't have to struggle with unwanted features. Just don't install them.
0 -
I was not even aware that OpenWRT was available for my NAS. Can I flash back to stock firmware/OS if it turns out to be a poor decision?
0 -
Can I flash back to stock firmware/OS
Theoretically yes. But of course ZyXEL doesn't give any support for that. It should be enough to put back the original u-boot and it's environment, upload the right uImage over tftp, and boot the box with a firmware upgrade usb stick inserted. OpenWrt replaces u-boot, and I don't know if that still can boot the old ZyXEL kernel, so if you want to be able to go back, at least backup the bootloader and it's environment.
0
Guru MemberCategories
- All Categories
- 164 Beta Program
- 1.7K Nebula
- 86 Nebula Ideas
- 62 Nebula Status and Incidents
- 4.7K Security
- 236 Security Ideas
- 1.1K Switch
- 50 Switch Ideas
- 908 WirelessLAN
- 27 WLAN Ideas
- 5.3K Consumer Product
- 172 Service & License
- 294 News and Release
- 65 Security Advisories
- 14 Education Center
- 911 FAQ
- 399 Nebula FAQ
- 249 Security FAQ
- 90 Switch FAQ
- 100 WirelessLAN FAQ
- 18 Consumer Product FAQ
- 55 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 68 About Community
- 51 Security Highlight
Consumer Product Help Center
FAQ