Problem solve Get help with specific problems with your technologies, process and projects.

The security risks of opening severs to the Internet to deploy NAS

My organization is in the process of deploying a NAS box (Compaq) that serves up data to Microsoft clients via CIFS and Unix clients via NFS. I am getting pressure to make some of our Web servers, that are reachable from the Internet) clients of NAS. Given the inherent weaknesses in NFS and especially NetBIOS, (Microsoft's implementation of CIFS) isn't this a pretty big security risk?

Is it a common practice to allow Internet-accessible servers to connect to a NAS box? If so, is there any way to mitigate the inherent risks associated with this?

Your assistance is greatly appreciated!

In general, there are always security risks whenever you open up a server to the Internet or an internal network for that matter. Which system is better and which has a security problem changes almost daily and if you read the alarmist writings in the trade press, you'll never do any business. The best thing is to keep up with the patches, especially the security ones, and monitor you system closely for attacks. The Windows NAS, with the appropriate patch levels, is not any more of a security risk than other solutions at present.

Normally, Internet servers do connect to NAS boxes but they are isolated from internal networks. A firewall is used to protect the internal network as another security layer.

Randy Kerns
Evaluator Group, Inc.

Editor's note: Do you agree with this expert's response? If you have more to share, post it in one of our .bphAaR2qhqA^0@/searchstorage>discussion forums.

Dig Deeper on Data center storage

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.