Data storage deeply permeates our digital lives. It’s something each of us has to contend with. From people backing up their music collections or keeping personal tax records to businesses handling confidential client information, storing data is a challenge, especially security-wise.
That’s where Network Attached Storage has made things much easier. We will look at what NAS actually is, and, more importantly, how it functions. We’ll assess whether it’s a sufficient solution for safe data storage, as well as how NAS security should be ensured. This should result in safer data, fewer cybersecurity breaches, and less stress all around.
What is Network Attached Storage?
Network Attached Storage (NAS) is a common solution for handling shared files on business and academic networks.
In NAS systems, specialist storage drives are used as a simple alternative to standalone servers. This makes it very easy for businesses to distribute information between different teams and departments without the needing to invest into costly IT systems.
These drives sit at the heart of most NAS systems and tend to be pretty simple, comprising a hard disk and an OS intended purely to interface with local network users – and not much more.
What are the pros and cons of NAS?
Why would organizations choose NAS over traditional servers? Generally speaking, there are two major advantages.
First and foremost, Network Attached Storage is usually optimized to deliver the fastest possible speeds. User groups can connect to NAS devices and peruse the data they store, without having to use separate hard disks and server setups.
This also means that NAS systems tend to be much easier to create and maintain, so they will most likely be the most time efficient and convenient networking solution available.
However, this doesn’t necessarily make NAS the best choice for any given network.
NAS has several potential weaknesses which IT managers and companies need to be aware of. These weaknesses can be addressed and mitigated, so let’s assess how severe they are, and how to respond.
What are the most common NAS security issues?
It is important to acknowledge that most NAS systems have in-built defences, for example password authentication. Which means they aren’t totally defenceless. With that being said, there are certain critical threats that NAS users should be aware of.
1. Password security
Sometimes, the authentication procedures incorporated into NAS security systems can be a threat in their own right. When we rely on password security or other forms of authentication, we can become complacent and neglect key risks.
For example, weak passwords can be simply guessed or brute-forced by using digital tools with relative ease. Because NAS servers are connected directly to your network (as well as the internet at large), they can be inherently exposed to possible password hacks.
Moreover, not all organizations operate watertight personal security practices. This can lead to the theft or betrayal of password details or the leaking of data via practices like using work applications on unsecured wifi networks.
So, while NAS security measures help, they can never be sufficient to ensure full data integrity.
2. Leakage from other network devices
NAS servers can be directly or indirectly connected to a vast array of other devices. Usually, this includes computers on the same network. However, smart devices that are connected to the IoT (Internet of Things) can sometimes also be involved.
Recently, security experts have been raising red flags about the IoT connected devices being possibly targeted by hackers, who then use those devices to spread malware across corporate networks.
It’s easy to imagine NAS connected drives becoming infected in this way, potentially handing cyber-attackers unrestricted access to the data those drives hold.
3. Malware and viruses
Concerns are also being raised regarding the possible exposure of NAS to malware and viruses. Perhaps surprisingly, this is not an academic issue. There have been well-documented cases of NAS devices being targeted by malware.
In 2017, an agent called SecureCrypt appeared, which utilized the SambaCry NAS loophole to take control of servers. After encrypting the data on victimized drives, SecureCrypt would demand a BitCoin “tax” to unlock the content, or the drive would be rendered unusable.
This followed the StuxNet attack on Iranian nuclear facilities, which ripped through poorly secured NAS and IoT-enabled devices, showing how even large industrial sites could be taken offline by determined attackers.
4. Command Injection
Another common weakness that NAS is prone to is Command Injection. More importantly, manufacturers increasingly struggle to counteract this vulnerability. Basically, Command Injection attacks allow unauthorized attackers to take control of Network Attached Storage drives, giving them root privileges that only network administrators should possess.
Hackers have reported relatively simple command injection techniques to take control of LG NAS servers, while drives from companies like Buffalo, Western Digital, and ZyXEL have all come under scrutiny.
Hardly any NAS devices have been found to be completely protected against Command Injection attacks.
What can you do to secure your NAS systems?
We know that Network Attached Storage isn’t 100% safe. However, it is still a very convenient and quick solution for businesses and individuals alike. And for many of us, the benefits of easily backing up our data and sharing files with colleagues outweighs the danger of hacking or viruses.
Still, that doesn’t mean we should ignore the risks associated with Network Attached Storae. There are actually some accessible, effective ways to lock down NAS equipment against malicious attackers.
1. Implement strong password security
If you haven’t hammered home the importance of employees regularly changing their passwords and choosing passwords that aren’t easy to guess, this should be the first thing you do.
All-too-often, NAS and other corporate attacks are facilitated by weak security among the people who use targeted networks. So be sure to assess the level of awareness among your staff, and regularly audit their security skills to ensure that standards remain high.
2. Ensure that NAS firmware is routinely updated
Cyber-attackers are always seeking ways to crack NAS firmware, and they tend to succeed eventually. After a few months, virtually no NAS operating system can be considered totally safe, resulting in the need for patches and wholesale overhauls.
As a user, you should receive notifications when patches are available, so don’t ignore them. Make a point of implementing any updates as soon as they become available.
This doesn’t just refer to NAS firmware, by the way. It’s equally important to update your antivirus software. And it helps to have a procedure in place to check that updates are being implemented so that problems can be addressed before they become critical threats.
3. Never use default admin accounts
This might sound self-evident, but it’s important. When NAS servers are installed, they usually provide the option of using the default username “admin.” It might seem like common sense to assign this particular username to the NAS manager. However, doing so would be a big mistake.
You need to make it as hard as possible to crack the login process for any given NAS drive and choosing an easily guessable identity like “admin” is always a poor option.
At the same time, a username like “admin” is like a red rag to every hacker, giving them proper encouragement to go further. Make sure not to tempt them and put as many layers of secure authentication your data and hackers as you can.
4. Make use of your NAS firewall
Most NAS systems come with firewalls, and there’s no reason to turn them off. Firewalls work by registering legitimate users and denying access to anyone else. This makes them are a great first line of defence against possible attackers.
The problem is that many NAS systems don’t actually engage firewalls when they are configured, and users may need to manually set them up. It’s well worth doing so if you want to keep your data secure.
5. Use a VPN whenever you use your NAS
A VPN can be an essential NAS security tool. Top-notch VPNs add a layer of encryption on all online traffic that passes between your network and the web. This means that would-be attackers can’t intercept and sniff out password details or the IP addresses of legitimate users.
VPNs also make it viable to access NAS servers remotely from outside the home or office. Normally, this would be unacceptably risky. But when full encryption and IP anonymization is in place, you can be fairly confident that your data will stay safe and sound.
Create a secure Network Attached Storage setup for your home or business
NAS has found plenty of niches in today’s economy, and it can certainly be a handy data storage solution. But, as we’ve seen, the data held on NAS drives isn’t always as safe as it could be. Using a Virtual Private Network as an insurance policy can make your data that much safer. And in a world where data leaks can destroy business reputations, VPNs can be a vital part of an in-depth cyberdefence strategy.