• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

How many people keep their storage (NAS) on a physically separate LAN (secondary NIC)?

VirtualLarry

VirtualLarry

No Lifer
Toying with doing this, when my 10GbE-T NICs arrive.

It would relieve my mind about intruders accessing the NAS, but some things, like NTP and firmware upgrades would be more complicated.
 
So you mean have a second nic in each system to the nas?

It's an interesting concept, but since most hacking/malware/etc is targeted to the desktop (like all the crypto ransomware), I don't think it would help since each system can see the nas.

Back in the day I had a web server set up at my house and had the files on another system. To avoid any direct hacking from the web, I had 2 nics running two different protocols--one had tcp/ip for the web and another had ipx (or netbeui--can't remember) to the file server. This way, one could not directly hack to the files.

However, if one got access to the system, it didn't matter as the system had access to the files. That's pretty much still the case today.

Now, for bandwidth purposes, sure I would as it would give a dedicated pipe just for the nas. But this would only matter if you've got a log of congestion on your lan to begin with.
 
One of the clients that has "two NICs" can act as a (one-way firewall) router between the NAS-net and the LAN. That solves the NTP, etc issues.


How about virtually separate, with VLANs?

Pro:
* No need for dual NICs.
* No need for separate physical switch.

Con:
* Switch must support VLANs.
* Attacker can hack the VLAN-switch in addition to the "dual-homed" client.


No. Not separate for me. Then again, my NAS is powered off most of the time.
 
From a security standpoint, any online/server based storage is a potential target. This is where offsite and offline backups as well as cold storage backups come into play. The hard part about these type of backups is to make them old enough that any current compromise won't make it to the backup, and make them new enough that you don't lose much when something gets compromised.
 
VirtualLarry said:
Toying with doing this, when my 10GbE-T NICs arrive.

It would relieve my mind about intruders accessing the NAS, but some things, like NTP and firmware upgrades would be more complicated.
Click to expand...


Err you keep hackers out of your network. Also, for home, at most I would vlan.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top