snoopaloop

webdav security and Netdrive

Hi, I got WebDAV set up on a Synology DiskStation and use it in conjunction with NetDrive. Seems to work pretty well. Though, I don't know how secure WebDAV is. I was also considering using NetDrive for large files like AutoCAD and Photoshop. Though, I'm concerned with how it caches data and syncs with the file server. Does anyone use NetDrive for these purposes and can provide feedback? Also, any thoughts on security for setting up something similar with my Windows Server clients? VPN is such a pain to use and I like this alternative but I'm very concerned about security.
Microsoft IIS Web Server, File Sharing Software, OS Security

Last Comment
btan

8/22/2022 - Mon
SOLUTION
btan

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
snoopaloop

ASKER
Awesome response!  Have you used the Synology VPN services?  Is there a significant decline in data throughput when securing with a VPN connection?

I like Cloudsync but shared folders created on the Synology are not synced by Cloudsync for remote connectivity. So maybe a mix of WebDAV, Cloudsync, and securing WebDAV with a VPN connection is ideal. Oh, and a solid cloud backup for when data gets compromised or destroyed.

Do you recommend any backup that works well Diskstation to Diskstation?  I currently use iDrive for backing up.
SOLUTION
btan

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
snoopaloop

ASKER
Welp, my client got hacked yesterday in what I can only assume to be a WebDAV service exploit. The hackers reconfigured the U-verse router/modem and placed the DiskStation in the DMZ. I reset the router to factory defaults but the private network was altered again to a different network address scheme as soon as I plugged the Synology back in. Right now, the Synology and workstations that need access to it are off the internet grid so they can perform their work while I figure out how to resolve this issue. I created a log that took a couple minutes to produce and sent it over to Synology support. Normally, the log takes just a couple seconds to produce. Anyway, I have since taken any other lingering WebDAV IT clients and removed their WebDAV services.


Synology Tickets request...

"Hi,
The Synology was hacked and today was placed out on the DMZ for half the day. Please review the logs. It hasn’t been the same since. I’ve changed the router private IP from the 192.168.1.x network to 172.16.x.x network. The synology repeatedly obtains IPs like 192.168.117.x or 172.16.117.x or something like that. It took a couple minutes to generate the logs. That usually isn’t the case. Please review the attachment. Thanks!"
btan

WebDAV is not secure as shared or, in short, file hosting unless you are fronted with web app FW, DDoS protection etc. measures... Regardless, check also the patch level for the Synology DiskStation, and better to clean it up now as the exploit is most likely already uploaded into the storage. I suggest focusing on recovery and damage containment now...

- Change all passwords to any still public-facing server, router inclusive.
- Check any default account (that should have been disabled or not using the default password) for login access brute force attempts.
- Trace of the source IP of the hacker likely leads nowhere since it is a private IP (instead of the usual public IP that would have gone through an anonymiser that leads you nowhere), instead
- Check for VPN user connections during this hack; it can be an infected machine (which the client is not aware of) conducting lateral spreading that found this WebDAV open to it.
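
A sketch of the login review that btan's checklist describes, added here as an example and not part of the original post: it counts failed logins against default accounts and flags successful logins from private ranges outside the expected LAN. The log layout, account names, VPN pool and LAN range are assumptions, and the sample lines are constructed.

```python
import ipaddress
from collections import Counter

# Everything below is assumed for illustration: log layout, account names, address ranges.
DEFAULT_ACCOUNTS = {"admin", "guest"}
EXPECTED_LAN = ipaddress.ip_network("172.16.0.0/16")   # LAN range the admin configured
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")         # hypothetical VPN client pool
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
THRESHOLD = 3  # failed logins per (account, source) before flagging

# Constructed sample lines: timestamp,service,user,source_ip,result
SAMPLE_LOG = """\
2022-08-20T09:01:10,webdav,admin,10.8.0.6,fail
2022-08-20T09:01:12,webdav,admin,10.8.0.6,fail
2022-08-20T09:01:15,webdav,admin,10.8.0.6,fail
2022-08-20T09:01:19,webdav,admin,10.8.0.6,ok
2022-08-20T09:05:00,webdav,jsmith,172.16.0.21,ok
2022-08-20T09:07:42,smb,jsmith,192.168.117.40,ok
2022-08-20T09:09:03,webdav,guest,203.0.113.9,fail
"""

def classify(ip):
    """Place a source address relative to the network the admin expects."""
    addr = ipaddress.ip_address(ip)
    if addr in VPN_POOL:
        return "vpn"
    if addr in EXPECTED_LAN:
        return "lan"
    if any(addr in net for net in RFC1918):
        return "unexpected-private"  # e.g. a lease from a rogue DHCP server
    return "public"

def review(log_text):
    """Return (finding, user, source_ip, origin) tuples in log order."""
    fails, findings = Counter(), []
    for line in log_text.strip().splitlines():
        _ts, _service, user, ip, result = line.split(",")
        origin = classify(ip)
        if result == "fail" and user in DEFAULT_ACCOUNTS:
            fails[(user, ip)] += 1
            if fails[(user, ip)] == THRESHOLD:
                findings.append(("bruteforce-default-account", user, ip, origin))
        elif result == "ok" and fails[(user, ip)] >= THRESHOLD:
            findings.append(("login-after-bruteforce", user, ip, origin))
        elif result == "ok" and origin == "unexpected-private":
            findings.append(("login-from-unexpected-range", user, ip, origin))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding)
```
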
snoopaloop

ASKER
As it turned out the slowness of the synology was due to some rogue Ethernet cable randomly was connected during this network debacle.  It just so happened to be coming from the suite next door and handing out IPs.  This doesn't explain how the synology was placed in the DMZ.  The other office suite would have no clue on how to do that.  

Synology support did not see anything obvious in the logs of it being compromised. I went ahead and did a double button reset to wipe the OS anyway. Anyway, it may have been some other form of entry like a workstation. With that said, I don't feel confident re-enabling WebDAV services. I'm hoping a SonicWall with intrusion section services plus VPN will help with securing the network and prevent this type of mishap in the future.
ASKER CERTIFIED SOLUTION
btan

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.