• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

How bad to open port 445?

W

White Widow

Senior member
Bottom line: I want to be able to access my 2TB Iomega NAS while on travel this week. I have a VPN gateway coming from Newegg, but it won't be here in time. How bad is it to open port 445 on my firewall if it's only forwarded to the NAS and not a full Windows PC? There's nothing on the NAS that's particularly sensitive, and all the folders are password protected.

Thanks,
Aaron
 
If you only forward it to the NAS box, then worst case the NAS box becomes compromised. If the data isn't sensitive, then go for it.
 
And if the NAS becomes compromised it can be used as jumping off point to the rest of the network.

But I would be surprised if your ISP doesn't filter inbound CIFS traffic anyway, I believe most do that these days.
 
BAD. Comcast business has no blocks. use a vpn to bridge services man. it's a linux box. hell use ssl tunneling. anything.
 
Emulex said:
BAD. Comcast business has no blocks. use a vpn to bridge services man. it's a linux box. hell use ssl tunneling. anything.
Click to expand...

Of course not, business accounts should have no ports blocked. But the OP makes no mention of paying for a business account or the ISP he's using.
 
As per OP.

Fact 1. I have a VPN gateway coming from Newegg.
Fact 2. There's nothing on the NAS that's particularly sensitive.
Fact 3. All the folders are password protected.

Answer posts.

😱 - 🙁 - 😱 - 😵 -😕 - :twisted: - 😱 - 🙄 - :| - :hmm:

I am Not saying that keeping the port open free is good practice, but given the above facts for short period of time ????

.
 
JackMDS said:
As per OP.

Fact 1. I have a VPN gateway coming from Newegg.
Fact 2. There's nothing on the NAS that's particularly sensitive.
Fact 3. All the folders are password protected.

Answer posts.

😱 - 🙁 - 😱 - 😵 -😕 - :twisted: - 😱 - 🙄 - :| - :hmm:

I am Not saying that keeping the port open free is good practice, but given the above facts for short period of time ????

.
Click to expand...

Fact 2 doesn't matter, if someone breaks into the NAS they could use that as a jumping off point to anything else on the network or just install something to make it a remotely controlled zombie. Lots of people would rather have your bandwidth more than any of your data.

Fact 3 doesn't mean much either, especially if that password is the same as any oother on the network or some other service like GMail.

Sure he might get lucky and have nothing happen, but it only takes a few minutes to get broken into when you put anything unprotected on the Internet.
 
Do you have somebody out of your ISP's network who can do some testing? It would be a shame to think you had it working only to find out otherwise.
IF not:
I would set a strong password for your router and enable remote administration, make sure you had a strong password for your desktop, and set up port forwarding to the desktop but not enable it.
Log in to router, enable port to desktop, log into desktop. Move files as needed.
Turn off port when done.
 
skyking said:
D
I would set a strong password for your router and enable remote administration, make sure you had a strong password for your desktop, and set up port forwarding to the desktop but not enable it.
Log in to router, enable port to desktop, log into desktop. Move files as needed.
Turn off port when done.
Click to expand...

+1

I forgot about this option.

Same can be done for the NAS :thumbsup:

I would also would change the management remote port of the Router to a port of high number (e.g. 63164).


😎
 
if the router is based on FOSS i'd still scan all apps for issued warnings. you know damn well those cheap qnap linux implementations do not get updated with every critical issue (ssh,ftp,apache,etc). so that makes its pretty scarey and a VPN isn't really protection if someone gets in on either side.
 
Why not install hamachi on your Windows 7 PC and then on whatever client computer you are bringing with you? Then you can securely access your NAS (and Win7 computer) without opening any ports to the internet. You'd need to leave your Win7 computer turned on however.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top