Western Digital My Cloud drives have a built-in backdoor

51 points | swift33 | 8 years ago | techspot.com

4 comments

trengrj | 8 years ago
For reasons like this I built my own NAS from scratch using a server and ZFS (admittedly using Western Digital red drives). I don’t believe consumer NAS vendors have the capability to properly patch and secure web interfaces and I’d extend this to Synology and QNAP as well.

Additionally, NFS and SMB are very complex protocols and difficult to set up correctly. NFS without Kerberos provides only very basic whitelisting security. Adding Kerberos means you need Active Directory or something like FreeIPA and a scary amount of configuration (DNS server requirements, client-side Kerberos config, etc.). I went down the whole Kerberos route and at the end decided mounting via ssh was far simpler and probably more secure. I would only trust a very technically competent vendor to do this well and don’t know if one exists.

chopin | 8 years ago
Interesting. That is exactly the route I have gone through: Setting up Active Directory with Samba in a mixed environment (Linux servers and Win 7 clients). I now happily run Linux Mint clients connected via sshfs.

Setting up Kerberos was a nightmare. Also, it is very hard to reason whether your SMB connections are safely encrypted with the specific settings one chooses. The protocols are complicated and the settings opaque. A lot of Stack Overflow is involved.

QuinnyPig | 8 years ago
Yikes. This is why historical responsiveness to this type of issue is so important during vendor selection. WD appears to have left its customers out to dry.

tinus_hn | 8 years ago
Party like it’s 1999. It’s been a long time since I saw a device this bad.