My organization is in the process of deploying a NAS box (Compaq) that serves up data to Microsoft clients via CIFS and Unix clients via NFS. I am getting pressure to make some of our Web servers, that are reachable from the Internet) clients of NAS. Given the inherent weaknesses in NFS and especially NetBIOS, (Microsoft's implementation of CIFS) isn't this a pretty big security risk?
Is it a common practice to allow Internet-accessible servers to connect to a NAS box? If so, is there any way to mitigate the inherent risks associated with this?
Your assistance is greatly appreciated!
In general, there are always security risks whenever you open up a server to the Internet or an internal network for that matter. Which system is better and which has a security problem changes almost daily and if you read the alarmist writings in the trade press, you'll never do any business. The best thing is to keep up with the patches, especially the security ones, and monitor you system closely for attacks. The Windows NAS, with the appropriate patch levels, is not any more of a security risk than other solutions at present.
Normally, Internet servers do connect to NAS boxes but they are isolated from internal networks. A firewall is used to protect the internal network as another security layer.
Evaluator Group, Inc.
Editor's note: Do you agree with this expert's response? If you have more to share, post it in one of our .bphAaR2qhqA^0@/searchstorage>discussion forums.
This was first published in November 2002