Protecting Network Attached Storage

Network Attached Storage (NAS) devices are devices that are independent of computers and servers on a network. Generally network area storage devices contain their own operating system and multiple hard drives. These devices act as a repository or area that data files, backups and other forms of information are stored. These storage devices allow for the sharing of these data files across your network. NAS devices have their own internet protocol (IP) address and communicate across a standard ethernet network interface (onboard NIC card) card.

NAS devices are often overlooked when updates and patches are applied to secure your network. Normal patches and services packs from operating system vendors don't apply to the protection of most NAS devices. The primary protection of these devices fall into the following areas.

• Physical Security
• General Network Security
• Firmware and Software Settings
• Access Control Lists

Physical Security of these devices fall into the same category as servers. Because NAS devices are servers, these devices should be locked away in a server room and limited access to this room should be monitored. This physical security should include the protection of reset buttons (as simple as this sounds) and any interface buttons and controls. Lower end NAS devices can be reset and data damaged by controls on the interface of the device. The devices are also subseptible to heat and other environmental conditions. With hard drives becoming larger, these drives can hold a tremendous amount of data.

Many devices are small yet can contain many terabytes of data. This also makes the drives prone to theft.

NAS devices are in essence a small server that contains an operating system, network interface card(s) and storage. These devices contain a network card that uses the IP protocol and should be monitored for traffic flowing in and out of the device. SMTP (email) alerts and logs need to be enabled on all of these devices.

Following traditional networking security methods, system administrators should make sure these devices are NATed behind the company's physical firewall with a private IP address.

Often overlooked, NAS devices have firmware onboard. Most systems administrators and network analyst install NAS devices and forget about the devices. A vendor's research and development department look for and are advised of security issues that may involve the software and firmware on NAS devices.

These information technology professionals should look for updates on firmware and weigh the age and obsolescence of these storage devices. If network area storage devices are no longer supported by vendors, these administrators should look at the 'what ifs' involving older firmware,software and security.

The management of these devices often involve the creation of network shares that are both public and user specific (Role Based Access Control (RBAC)). The default administrator password should be changed on the initialization of these devices. You should also create complex passwords for users and the information should be protected by looking at each users role in the organization.

Many NAS devices are being outdated by newer operating systems. When Microsoft's Windows Vista began showing up in corporations, networking problems and woes began to show up against some network area storage devices.

NTLM is a Microsoft authentication protocol that is used with the SMB (Server Message Block that operates at the application level protocol) protocol.

On a Windows Vista Computer

select Administrative Tools->Local Security Policy.

Select Local Policies->Security Options->Network security->LAN Manager authentication level.

Select this and use the drop down to change it to:

Use the setting “Send LM & NTLM - use NTLM v.2 if negotiated”

Losing connectivity to these devices can cause a security issue.

In conclusion, these nodes on your network cannot be forgotten about. Network attached storage devices should have their administrator password changed to a complex password, be phycially locked away with your servers, be monitored and access should be limited to specific users. Systems administrators should review the firmware, age and update these devices as soon as possible. With data breaches at an all time high, the most secure network can have vulnerabilities that hold their most critical data if these devices are not up to date and monitored.