Skip to main content

NAS Security Issues

More
16 years 4 weeks ago #28276 by JRSMI17
NAS Security Issues was created by JRSMI17
Hey guys...

I believe this will turn into a couple questions, so please excuse me if this sounds confusing...

Let's say a network had to disable all USB ports on computers due to an auto-run virus that turns on all auto-run features on a computer. All computer loads and software are stored on external Hard Drives so reloading these machines all of a sudden becomes impossible. As a possible solution, the network administrator looks into NAS drives to be connected via Ethernet connection. These drives would be utilized similar to external's, not as a large capacity file share connected at the server.

Questions:

1) How vulnerable are NAS drives to an auto-run attack?

2) Do NAS drives have software that provide security?

3) If I had to sell this option to an administrator, what would my strong and weak points be?

Thanks guys, I appreciate your help on this issue.
JRSMI17
More
16 years 2 weeks ago #28397 by menshaco
Replied by menshaco on topic Re: NAS Security Issues
great
photos
More
15 years 3 weeks ago #32878 by katzebnt
Replied by katzebnt on topic NAS Questions...
1) How vulnerable are NAS drives to an auto-run attack?
NAS drives are not like USB devices, normally when you connect to one there is no "Auto Play" feature in Windows.

2) Do NAS drives have software that provide security?
Yes, but most consumer-grade NAS software shouldn't be trusted with the security of all your data. Normally NAS access and security is dealt with using network and domain security policies (ACLs, LDAP / domain permissions, etc).

3) If I had to sell this option to an administrator, what would my strong and weak points be?
NAS storage is nice because it is accessible network-wide. I don't know what your network infrastructure looks like or how your authentication is set up, but the NAS could possibly be put in another VLAN or subnet to isolate it. A good enterprise level NAS isn't cheap, and that's not including the cost of the drives. $$$ will be (and always is) a main deciding factor.

By the way, you can disable auto-run completely on individual computers in a workgroup environment, and also in a domain environment through group policy.
Time to create page: 0.117 seconds