
	Home > Ask the Storage Technology Experts > Questions & Answers > NAS security

Ask The Storage Expert: Questions & Answers

EMAIL THIS

NAS security

EXPERT RESPONSE FROM: Randy Kerns

		Pose a Question

		Other Storage Categories

		Meet all Storage Experts
		Become an Expert for this site

QUESTION POSED ON: 04 September 2001
To Randy,

I'm struggling trying to understand NAS security. Can you send me a brief and basic explanation of NAS security and how to implement that security further?

Thanks.

Kind regards,

This is a complex subject that just gets more troubling as you dig deeper. There are several layers to consider with security for NAS and not all have to do with NAS itself. From the NAS perspective, you need to look at the access to shared data, the access to administrative functions, the access to the NAS device over a network (any data access), and the security of the individual packets of information that are being transmitted.

The access to shared data is setting up permissions and access control lists to designate who has access to what data and the rules for simultaneous access. Unix systems use what are called advisory level locking while Microsoft CIFS uses what are called hard locks. They are fundamentally different and most NAS devices use one or the other (mapping to whatever they have implemented). It's an administrative task to set up the access controls and easily be overlooked or defaulted to create a significant security risk.

The administrative function on the NAS device also needs to be secure. This means that not just someone with super user privileges can go in and make changes but only an authorized person can and it is verified. Protecting the access for administration includes things like encrypting the passwords, etc. and is definitely needed for a degree of security.

The access to a NAS device over an Ethernet network using IP is also one of the areas that in the past has been exploited for security breaches. Isolating the network, using firewalls, and other mechanisms can help but there may be paths where an "outsider" can penetrate and hack to the device. For this, you need someone very skilled in network security. This can put all data on the NAS device at risk unless you have a protected environment.

Data being altered or monitored in the individual IP packets being transmitted is also a security concern. Devices and software that can do this are readily available. Incidentally, half the security attacks come from within companies so this is a high-risk area. Isolation is still the best plan but may not be practical. Again, a network security specialist should be consulted.

I hope this helps as an introduction to the problem. You need to consider all these and use the different resources available. Those from the NAS vendor you choose are just a part of the answer.

Randy Kerns
Evaluator Group, Inc.

Digg This!

StumbleUpon

Del.icio.us

RELATED RESOURCES

	2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
	Search Bitpipe.com for the latest white papers and business webcasts
	Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Search for Data Management Tools

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2000 - 2009, TechTarget \| Read our Privacy Policy