What security issues arise with a NAS solution?
There are several and they depend on the environment you're in. The first (and simplest) is if you use an Ethernet that has other users on it, you could be subject to sniffing or snooping on the network. A NAS device would have the same risks as anything else on the network, including denial of service attacks.
More specific to networked storage are the access controls to the data. Since a NAS is operating as a remote file system and the major advantage is file sharing, controlling the access to the data becomes the major issue. Determination of who has access to data is a combination of administration tasks and software. Typically, an administrator would set up access control lists to identify which users, etc. would have access to the data and then the software on the requesting server is responsible for handling the responses. Windows NT/2000 uses a mechanism called "hard locks" where another access to data that is already being accessed isn't allowed. UNIX systems use "advisory locks" where it's up to the application to not continue the access.
The biggest risk, unfortunately, is in the administration. There's are a lot of requirements here and it's easy to have human error. Obviously, one of the big problems is that the security is not consistently applied in different environments.
This was first published in May 2001