How can I make my server more secure?
AleXSR
Posts: 14
Hello everyone,
so, I am trying to think of ways to make my NSA325v2 servers more secure.
I was thinking of using FTP and disabling Samba, NFS, all other file sharing methods.
Now I was wondering, if I could make the whole system even more secure by formatting my drives with NTFS or ext4 myself. If I am not mistaken, the NAS will not recognize those drives without me mounting them as JBOD. So the system should not be able to access them on a WebUI level. So it will not be able to grant access to anything through the built-in functions.
But since it is a Linux based system, on a system level, the drives should be mounted, correct? Or at least manually mountable. And then I could run VSFTP as a service.
Would this be possible? Or will this fail for a specific reason?
Curious to hear what your thoughts are on this and whether you can think of a different/better approach
Best regards
Alex
0
All Replies
-
I'm not sure if the 325 can mount ext4, and mounting ntfs will have a performance impact. Further it is possible that the firmware will 'dive on' a disk as soon as you have mounted it. I've seen that when I manually mounted some disk, it became auto shared. (And hard to unmount). Not always, and I don't know what triggered the firmware.When you want to basically ditch all firmware stuff, why wouldn't you install an alternative OS like OpenWRT , Debian or Arch? In that case you don't have to struggle with unwanted features. Just don't install them.
0 -
I was not even aware that OpenWRT was available for my NAS. Can I flash back to stock firmware/OS if it turns out to be a poor decision?
0 -
Can I flash back to stock firmware/OS
Theoretically yes. But of course ZyXEL doesn't give any support for that. It should be enough to put back the original u-boot and it's environment, upload the right uImage over tftp, and boot the box with a firmware upgrade usb stick inserted. OpenWrt replaces u-boot, and I don't know if that still can boot the old ZyXEL kernel, so if you want to be able to go back, at least backup the bootloader and it's environment.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 149 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 263 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight