NAS or Network-Attached Storage, is the perfect solution for local file storage and is usually represented by a data storage server connected to your business’s computer network. The system is specialized for serving files and the maintenance costs are significantly smaller than what you would pay for a Windows Server solution. Even better, it is often more reliable.
If the system is still not clear for you, please take a look at this article concerning small businesses : //www.onsitehelper.com/blog/137-nas-to-replace-your-server/
Because they rarely have issues and hardly ever need rebooting, NAS systems seem to be a very reliable product that you can simply “set and forget”. People expect NASs to run for years without intervention, but this is not the case! These systems need similar attention as you would offer your other servers.
What happens if I don’t take care of my NAS?
The hacker threat
One of the biggest NAS vulnerabilities is represented by their firmware. Because they tend to be forgotten, many companies run NASs with outdated firmware, and this attracts hackers who can easily break in and steal your data.
Recently, two of the largest NAS suppliers for SMB identified a critical issue with older firmware which caused loss of data due to corruption if a faulty hard drive is replaced.
If we consider that the likliness of a hard drive failing in a NAS over an average lifetime of 5 years is extremely high, then we get many companies losing their valuable data.
This is why anyone with half-a-knowledge of IT will always implement a RAID (redundant array of independent disks) setup to safeguard the business. In the event of hard drive failure, the data is replicated across multiple disks so no data would be lost.
However, this system is not bullet-proof either as there was a bug that made the RAID rebuild itself upon the installation of a new drive. This caused corruption in data and some data would be lost. QNAP & Synology Identified the bug and fixed it in a recent firmware update, but businesses must run the update in order to be protected.
Read more about this, here.
Step-by-Step NAS maintenance
First, you should check if there are any firmware updates for your system. They happen quite often, on an average of 2 to 3 per month so make sure to be informed.
Second, check if the RAID system is setup and check the status of the discs (sometimes the RAID is broken and you don’t even know about it). This operation should be performed constantly as hard drives die often and this could mean losing all your data. We recommend assigning someone to monitor the NAS.
Ensure a UPS (Uninterruptible Power Supply) is connected to the NAS and make sure that they can shut down cleanly. If there is a power failure it will enable you to perform a normal shutdown, rather than a rough (and possibly damaging) shutdown. If at all possible, the system should be capable of shutting down automatically before the UPS runs out of backup battery power.
Recommended Security Settings for NAS
Below we listed some of the most important settings you should implement to make sure your data is secure:
- SMB v1 is disabled – Make sure this is disabled as its a known vulnerability where a remote attacker to obtain sensitive information from affected systems.
- Secure remote access via VPN or SSL – make sure users can’t connect remotely via FTP or http without going via a VPN or SSL server page login (VPN/SSL is far more secure)
- Turn off all unnecessary network services – if left enabled, these services increase the server’s vulnerability (e.g telnet, ssh, ftp, upnp, bonjour).
- Turn off all unnecessary applications – increased vulnerability risk and reduced performance (e.g. itunes, dlna, web, radius, backup server, and so on)
- Setup 2-step verification and have it enforced for all remote users is connecting via HTTPS
- Enable an antivirus App on NAS and setup periodic scheduled scans (outside busines hours)
- Enable network Recycle Bin – in case of accidental or intended deletion of files from NAS, you can recover them from Recycle Bin.
- Set IP address block after a number of failed attempts (3-5 recommended) – helps prevent remote dictionary attacks to compromise the NAS
- Make Administrative passwords very complex, with a minimum length of 15 characters – slows down dictionary attacks and makes brute force attacks harder.
- Create Global Groups for all classes of user privilege, and assign users to groups – rights assigned to individual users can be overlooked as it is easier to review group membership than to audit every single user’s rights
- Never assign a right or permission to an individual user – always use a group, even if it is for one account only
- Account Password Restrictions – make sure passwords are enforced to a good standard length of 8 characters, that they are complex, and changed at least every quarter. Very important for remote access to NAS
- Set Auditing Policies (Success/Failure) for the following:
- Lots of failed logon attempts can indicate a hacking attack
- Logon and Logoff – important for tracking user logons. When you set the audit policy, look for strange logon times in the log (is 3 am a common working time?)
- Remove any old/unused/unnecessary user accounts – old accounts should be disabled as soon as is practical after someone leaves
- Periodically evaluate Operator and Administrator Group members – make sure that correct users have access, additional or unexpected users can indicate security issues
- Set Access Control Lists on file system – control access to folders and files as necessary, do not just give blanket access to a whole shared area with full control rights
- Set User Rights – ensure users only have access to the shares files and folders they need
Recommendations for Backups
Even though NASs often have RAID systems to protect the data they store in the event of hard drive failure, this is not enough. There are many situations where you could lose all your data such as:
- Bug in firmware (see the examples above with the QNAP & Synology issue)
- The NAS is destroyed in a fire or a flood
- The NAS is stolen
- The data is corrupted or deleted by Ransomware or user
- The NAS is hacked
Therefore, as with any server, it is recommended to have backups in place (both onsite and offsite). If you don’t know how, we invite you to talk to us about backing up your NAS!
Onsite Helper Managed Services for NAS
Let Onsite Helper manage your NAS to keep it secure and operational! Our Managed Services for NAS offer will ensure the business doesn’t have downtime or data loss as we take ownership of looking after your NAS.
Services we offer are:
- Monitoring your NAS’s health including: hard drives, resource/performance with hardware, and security alerts.
- Regular firmware updates.
- Backup monitoring.
- Local & remote user access to files/folders.
- Password policies.
Speak with our solution specialists to get a quote for Managed Services for your NAS as soon as possible!