7 guidelines to secure network storage
These practices, including firmware and VPN guidance, protect NAS devices. Use these steps as standalone procedures or incorporate them into your overall security process.
NAS devices and servers are essential to any enterprise network. NAS is often overlooked in a security strategy, though, because of its unique workload and specifications.
NAS is a scalable and cost-effective way to store corporate data and information. NAS devices also improve the performance of a network because they are dedicated to serving files, which reduces the workload of other networked devices and services. They connect to a network through standard Ethernet connections, so they are vulnerable to attacks like any other device. While they may be physically secure inside a data center, they still require the same updates and patches that other servers and hardware devices need.
However, typical updates and server pack releases from OS vendors often don't apply to NAS devices. These devices exist in a gray area, and they're easily overlooked. Secure network storage with methods like firewalls and regular updates to avoid falling victim to bad actors.
1. Use strong passwords
Protect NAS devices by changing their passwords. Many organizations leave the default passwords because of loose security practices or the need to install them quickly.
This article is part of
What is network-attached storage (NAS)? A complete guide
Enforce password rules. Secure network storage with multi-factor authentication, as it adds an extra layer of protection even if the account information and passwords are stolen.
2. Never use admin login credentials
The default username or login account for most NAS devices is "admin," and assigning it to the NAS manager or superuser may make sense. Cybercriminals know about this oversight and can easily gain access to the device.
Many organizations remove the "admin" account and rely on role-based access controls and user accounts to define who has privileged access to the NAS. Create a generic administrative account with unique identifiers that are difficult for criminals or bad actors to guess.
3. Update NAS firmware regularly
As with most network devices, cybercriminals seem to always succeed and access them eventually. This means that no NAS device is safe after a few months, and the admin should update or patch it regularly. Include NAS devices in regular update plans and procedures so their firmware is protected as soon as possible.
4. Use the NAS firewall
Most NAS devices have built-in firewalls, so there's no reason to turn them off, even if perimeter firewalls and other security measures already protect the network.
Since NAS devices contain privileged information and data, ensure multiple layers of security protect them. Check the NAS device to see if they're on by default. The admin may need to configure it manually and enable the standard firewall rules such as automatic IP address blocking, account protection rules and lockouts after too many failed login attempts.
5. Enable DoS protection
DoS protection is a crucial setting to secure network storage. It might not be enabled by default because of the many false positives it generates. To avoid false positives, add known traffic sources to an accept list and review it regularly to ensure nothing is incorrectly blocked.
6. Secure the connection and ports
Enable HTTPS connections to secure incoming and outgoing traffic. Secured FTP connections are vital if the NAS is in a separate location to the IT team, such as a third-party data center.
Consider closing all unused ports and changing the default ports, such as HTTP, HTTPS and SSH. This prevents lateral attacks if a criminal gains access to the greater network through an IoT device or other unsecured entry point.
7. Use a VPN to connect to the NAS
A VPN can be an essential tool to secure network storage. VPNs add another layer of encryption and security to all online traffic that passes between the NAS and any connected device. Criminals can't intercept it and discover password details, IP addresses or other information of legitimate users. A VPN also improves remote access to NAS servers for easier and more secure use, updates and maintenance.
As an essential part of an enterprise network, NAS servers offer dedicated storage that's scalable, cost-effective, and easy to set up and maintain. However, organizations can easily overlook and forget about them because they just work. Include NAS devices in the security strategy and update procedures to lessen risk.