Post by adam on Aug 30, 2007 1:30:52 GMT 7
I know secure FTP has been listed on the 5200 section but as the 4100+ is the latest product out at the moment, I thought it worth bringing up again here too.
Secure FTP:
Sending any unencrypted traffic over the Internet, let alone access to your own private data storage is daft. I've read that secure file transfer can be achieved (for some models at least) using an SSH plug-in but really it is so fundamental it should be OOTB.
Folder Visibility:
You should be able to limit the folders that the FTP server has access to. At present anyone with any level of access via the FTP server (even worse if public enabled) can see ALL the folders on your NAS. Having to secure them all with passwords isn't particularly practical if you are using the media server because most media players that I know of (uPNP) won't work if the folders are password locked on the NAS. Also, just basic security says that you shouldn't see folders not intended for access.
Audit:
There is no log of either successful or unsuccessful logon attempts nor what files were uploaded / downloaded. Again, this leaves the box open to silent probing which, combined with the inability to restrict which folders the FTP server has access to, greatly weakens the security of the NAS overall.
Thanks,
Adam
Secure FTP:
Sending any unencrypted traffic over the Internet, let alone access to your own private data storage is daft. I've read that secure file transfer can be achieved (for some models at least) using an SSH plug-in but really it is so fundamental it should be OOTB.
Folder Visibility:
You should be able to limit the folders that the FTP server has access to. At present anyone with any level of access via the FTP server (even worse if public enabled) can see ALL the folders on your NAS. Having to secure them all with passwords isn't particularly practical if you are using the media server because most media players that I know of (uPNP) won't work if the folders are password locked on the NAS. Also, just basic security says that you shouldn't see folders not intended for access.
Audit:
There is no log of either successful or unsuccessful logon attempts nor what files were uploaded / downloaded. Again, this leaves the box open to silent probing which, combined with the inability to restrict which folders the FTP server has access to, greatly weakens the security of the NAS overall.
Thanks,
Adam