SDL Episode55

From Paul's Security Weekly

Secure Digital Life #55

Recorded on March 6, 2018 at G-Unit Studios in Rhode Island!

Episode Audio

Coming soon!

Hosts

  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Topic: ...and now the NAS...

    - What is NAS anyway and why do you need to know about it? -- NAS is basically localized cloud storage (the cloud before the cloud), so maybe ground fog.

    - Why do we need it? NAS is a way to back up and/or share files on your local network if you need a larger type of storage (or not so large).

    - Remember backups are not safe from ransomware jumping across shared folders and files.

    - What is a network share? -- In Windows systems this is a folder/drive/whatever that is advertised to all people on the layer 2 segment of the network. In Linux, this is a bit more complicated as you have to create a mount point and then use some sort of share tool (like CIFS) or something that will actually advertise the files.

    - Linux can easily access Windows shares, but to use Linux you have to work a little bit to get that going. Samba is the sort of gold standard for doing this on hybrid networks.

    - Remember, for home use, most Linux is free and Samba is free as well whereas you will have to buy a license for Windows to use it for a file server.

    - In all cases, remember that your file shares can be seen by anyone who can access the network (even by wifi). So, if your neighbor can access your wifi, they can access your file shares.

    - You can set permissions on the file shares just like anything else and you should.

    • Example: You have your dissertation in a folder called dissThis and share it across your house. Someone overwrites it with a file with the same name. Ouch. You did make a backup right?
    There are other approaches in Linux and certainly all sorts of management tools.
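
    Added example, not from the show notes or the Samba project: a small audit of a Samba configuration that flags shares anyone on the network can reach, which is the dissThis overwrite scenario above. The share paths, the login name and the finding labels are constructed for illustration; `guest ok`/`public`, `read only`/`writable` and `valid users` are Samba's own share parameters.

```python
import configparser

# Constructed sample smb.conf: one wide-open share, one tied to a named login.
SAMPLE_SMB_CONF = """
[global]
workgroup = HOME

[dissThis]
path = /srv/nas/dissThis
guest ok = yes
writable = yes

[backups]
path = /srv/nas/backups
read only = no
valid users = doug
"""

def flag(share, names, default=False):
    """Boolean value of the first Samba synonym present in the share."""
    for name in names:
        if name in share:
            return share[name].strip().lower() in ("yes", "true", "1")
    return default

def audit_shares(conf_text):
    """Return {share name: [findings]} for shares open to guests or to any login."""
    # Real smb.conf lines are usually indented; strip them for configparser.
    text = "\n".join(line.strip() for line in conf_text.splitlines())
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    shares = [s for s in parser.sections() if s.lower() not in ("global", "printers")]
    findings = {}
    for name in shares:
        share = parser[name]
        guest = flag(share, ("guest ok", "public"))
        # Samba shares are read-only unless one of these parameters says otherwise.
        if "read only" in share:
            writable = not flag(share, ("read only",))
        else:
            writable = flag(share, ("writable", "writeable", "write ok"))
        issues = []
        if guest:
            issues.append("guest-write" if writable else "guest-read")
        if writable and "valid users" not in share:
            issues.append("no-valid-users")
        findings[name] = issues
    return findings

print(audit_shares(SAMPLE_SMB_CONF))
```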

    - Building a NAS for home use (or office)

    • First, you need to assess who will use the share and what OS will be in use.
    • Many other factors like Active Directory/LDAP and so forth may come into play if you are using complex networks. AD can manage file shares.
    • Then you should decide on several key things:
    1. Roll your own (cheap) or buy something
    2. What OS will run the NAS?
    3. How much storage will I need?
    4. How will that storage be used?
    5. How will I control access to that storage share?

    Roll your own

    FreeNAS is a Linux distro that has built-in management tools for NAS written in PHP. It has CIFS built into it to share with Windows and even supports software RAID.

    //Quick Interlude about Hardware vs software raid.


    So, you could take any old box you have and throw some disks in it and run FreeNAS.

    Issues: Remember, RAID takes processing power and software RAID is using the CPU instead of hardware. Old disks die screaming! (sounds like a mnemonic but is just the truth)

    This is certainly a good way to learn, and cheap. If you just want to practice, buy some old machines on eBay and take the drives (fun in and of itself) and set this up.

    I personally prefer hardware RAID but that gets pricey (note about spindown).

    OS

    I like Linux a lot and it's very versatile in this case. You can do this manually but using things like FreeNAS makes it a lot easier to get started.

    - How much storage?

    • Beats me. A LOT is always better but it gets pricey. Remember RAID eats up disk space (see www.raid-calculator.com). Four 8TB drives on RAID 6 will get you about 16TB. RAID 5 gets you the same with only 3 drives.

    - How will it be used?

    • Is everyone storing movies and pix? Music? Backups? If you are backing up 3 laptops that each have 1TB drives in them, well, you need more than 3TB of disk space right there. If you want to store more than one copy (you should) then well...more.

    - Access Control

    • Use permissions, logins, and file permissions or you will be sorry!
    • Finally, who will back up the backups?
    1. Definitely RAID, and maybe RAID 6 for old drives.
    2. If you are just using it for backups, well, so long as you still make out-of-band backups (you could disconnect the NAS) you should be ok.
    3. The danger is you start using the file share for all sorts of things and suddenly you need a backup of your 32 TB backup.


    You can use sites like pc-pitstop.com (NOT PCPITSTOP) for some hardware pr0n fun and spec out giant storage arrays.

    Next time: SQL injections.