Ian Price asked:

Securing NAS drives behind an internal software-based firewall

I have a couple of NAS drives that are wide open for everyone on the network to see.

I am wondering if I could have PCs with two NICs.

One going to the normal network and one going to a switch, which I would then connect the NAS drives to as well.

At least that way I could monitor the firewall.

Or is there another solution?
Answers on a postcard

Ian.
ASKER CERTIFIED SOLUTION
Jason Johanknecht

This solution is only available to members of Experts Exchange.

If security is your only concern, then you should be looking at replacing your router with a Unified Threat Management (UTM) device.  They are costly and have annual support contracts.
Ian Price (ASKER)

Can I do that with a Windows 10 Box? How do I make it a gateway?

Ian
CompProbSolv
It's not clear what you are using as a "software-based firewall".  Does it allow the monitoring you want?  What security shortcomings does it have that concern you with regard to the NAS device?
I am also a bit confused. If you want the drives only for you and/or a few users, why have them as NAS? What does having a NAS buy you? Just put your drives into an external case and hook them up with the fastest connector you have. Maybe SATA. Maybe USB 3. But almost any physical connection to the computer is going to be faster than any NAS drive. And then share those drives to only the people you want to see them. You won't have to change anything on your computer other than to set up shares and add accounts for those you want to be able to get to the drives.

By the way, which NAS drives do you have? The two I have both allow for accounts and only users on the device with accounts are allowed to connect. And you can use the accounts to add or remove access to some or all of the drives. Wouldn't that be easier?
I am just exploring ideas - I've been given free rein to improve security at our work place - But it's a complete can of worms and a steep learning curve.

We use Buffalo TeraStation, it doesn't look like I can lock down sub folders to users, only the top layer. I've not explored all the features of the NAS so maybe there's something there I can use.

I wanted to put a Windows firewall in between the users and NAS so at least I can use the firewall logs. But couldn't work out exactly how.

But in theory I could use a Linux firewall, wouldn't know which one - I also have a couple of spare Cisco routers and a Cisco layer switch which I think may be able to operate at layer 3, I'd need to check.
So your goal is to share folders, and at the sub folder level change permissions?  
Just a warning that this could get confusing as you get years down the road and users change.  Update the firmware on the NAS and keep it simple is my recommendation.  Control the shares at the top level.  Create more shares if you must.


Also you would like to feel it is secure because you can see firewall logs?  

A UTM appliance will actively secure your network and give you logs.  Are you going to sort through logs every week if you feel nothing is happening on the network?  Look into Checkpoint UTM appliances to secure your network.
"I've been given free rein to improve security at our work place - But it's a complete can of worms and a steep learning curve."

I'm a bit biased here, but this seems like a good example of where you should find a local IT company and enlist their help in designing and setting up a system.  If it is done well, you should be able to do most of the maintenance without their ongoing assistance.  You'll likely have a system better suited to your needs as well as having someone to rely on (at a cost, of course) when you run into issues that you can't easily remedy.
Thanks, I'll sort it - I've been in the game for years, just a sideways step

Thanks for the advice though