pete25 Posted December 13, 2011 Share Posted December 13, 2011 hi everyone this is probably a really silly question but i wasent sure so thought you wouldnt mind ansering it for me.. can someone els gain access to my unraid files from the internet ? like a hacker or maybe if one of the computers on the network gets infected with a virus can that virus mess other computers up on the network or even mess my unraid up ? all my shares are read only and i change them to read/write when i want to add files then change it back to read only (to prevent accidently deleting files) my setup is very basic. parity 500gb WD green disk1 500gb WD green unraid (latest non beta one) free edition. its plugged into my lan switch made a picture to show you my setup i have not changed any settings in unraid. software is not my strong point. building computers and networks are Link to comment
ashaneil Posted December 13, 2011 Share Posted December 13, 2011 If someone wants to get in, they will always find a way - just depends on how much resources they want to expend on the effort. That said, couple of things you might want check: 1. Make sure that you are not broadcasting your SSID. 2. Change your default SSID to something random (that you would remember) 3. Make sure that you have changed the default login credentials to the wireless router. 4. Make sure that you are not using WEP (more widely supported by older network devices). Use WPA instead. 5. Assuming your wireless router is acting as your DHCP, limit the number of IP address to the total devices active in your household + couple if you want spare for visitors (if it is your internet modem acting as DHCP, change setting there). 6. Use static IP address for internal devices if possible 7. Use MAC address filtering. 8. If you want to be paranoid, run local firewall software on machines w/ internet access. 9. Make sure that your antivirus / malware tool is always updated. 10. Make sure that all your computers are always patched, especially ones with Internet access. Sorry thats all I can think of top of my head but this should be a good starting point. Good Luck! Link to comment
elkay14 Posted December 13, 2011 Share Posted December 13, 2011 Ideally you want a firewall between the cable modem and the rest of your equipment. That wireless router would likely suffice. Any ports you want open from the internet can be forwarded from the router to the needed IP. Link to comment
dgaschk Posted December 13, 2011 Share Posted December 13, 2011 If someone wants to get in, they will always find a way - just depends on how much resources they want to expend on the effort. That said, couple of things you might want check: 1. Make sure that you are not broadcasting your SSID. 2. Change your default SSID to something random (that you would remember) 3. Make sure that you have changed the default login credentials to the wireless router. 4. Make sure that you are not using WEP (more widely supported by older network devices). Use WPA instead. 5. Assuming your wireless router is acting as your DHCP, limit the number of IP address to the total devices active in your household + couple if you want spare for visitors (if it is your internet modem acting as DHCP, change setting there). 6. Use static IP address for internal devices if possible 7. Use MAC address filtering. 8. If you want to be paranoid, run local firewall software on machines w/ internet access. 9. Make sure that your antivirus / malware tool is always updated. 10. Make sure that all your computers are always patched, especially ones with Internet access. Sorry thats all I can think of top of my head but this should be a good starting point. Good Luck! It does pay to be paranoid but items 1,2, 5 and 7 do not help with security. Anyone trying to hack your signal will get around 1,2 and 5 without breaking a sweat. 7 can help somewhat but only if all computers are always on so that all qualified MAC addresses are always responding. Assuming your Internet modem has a firewall you should be fine. Just leave the default firewall setting alone. Link to comment
jumperalex Posted December 13, 2011 Share Posted December 13, 2011 If someone wants to get in, they will always find a way - just depends on how much resources they want to expend on the effort. That said, couple of things you might want check: 1. Make sure that you are not broadcasting your SSID. 2. Change your default SSID to something random (that you would remember) 3. Make sure that you have changed the default login credentials to the wireless router. 4. Make sure that you are not using WEP (more widely supported by older network devices). Use WPA instead. 5. Assuming your wireless router is acting as your DHCP, limit the number of IP address to the total devices active in your household + couple if you want spare for visitors (if it is your internet modem acting as DHCP, change setting there). 6. Use static IP address for internal devices if possible 7. Use MAC address filtering. 8. If you want to be paranoid, run local firewall software on machines w/ internet access. 9. Make sure that your antivirus / malware tool is always updated. 10. Make sure that all your computers are always patched, especially ones with Internet access. Sorry thats all I can think of top of my head but this should be a good starting point. Good Luck! It does pay to be paranoid but items 1,2, 5 and 7 do not help with security. Anyone trying to hack your signal will get around 1,2 and 5 without breaking a sweat. 7 can help somewhat but only if all computers are always on so that all qualified MAC addresses are always responding. Assuming your Internet modem has a firewall you should be fine. Just leave the default firewall setting alone. dgaschk is dead on accurate on 1 and 5. However he soft sells #7 ... it is just as useless as 1 and 5 because any hacker worth his salt can pull a valid mac by listening to traffic and then spoofing the MAC. In fact, even with those other computers on all the time, the attacker can easily kick it off the net long enough to then spoof it. You're only indication will be that your PC is now no longer on the network. #2 is actually a good idea because your SSID is used as "salt" when creating your crypto key. The whole point of salting is to prevent against rainbow attacks. If you are using a common SSID then you are in effect allowing the hacker to use an already pre-compiled rainbow table to hack at your security. And have no doubt, there are rainbow tables already tabulated for "linksys", "verizonfios", "netgear", "default" etc etc Basically if it is a default SSID or common one like "home", "office" there is a rainbow table for it. Beyond that .... So long as your modem/router blocks ports, and you are not forwarding anything you are safe from attack there. Wifi: your risk there is someone getting into your network, and we've already addressed the typical steps above. One other useful option, if your wireless machines don't require access to the rest of your network, is isolating wifi from the rest of the lan. The problem is the way you have things set right now, there is no way for your wifi router to isolate the wifi side from the wired side. You would need to move the wifi router between the modem and the switch. Then wifi can access the net, wired can access the net, but wifi can't access wired. But all of that is moot if your wifi clients need access to things like say ... your UnRaid box (that is my scenario). Once you want to start opening ports on your router for things like Crashplan, Plex, webservers etc (anything you might want to access when not at home) then we are talking a whole new ball of wax and the default unraid answer is: don't do it the haxors they WILL hack you if you don't know what you're doing. Link to comment
kizer Posted December 13, 2011 Share Posted December 13, 2011 - I have my wireless router between my modem and my switch. Gives them two devices to trudge thru. - I don't have my SSID hidden. In my experience I've had several connection issues - Insure your modem and your wireless router have had their passwords changed from the default setup. I don't use the same passwords on both either. LOL - Mac Filtering is a pain in the ass if you have several devices. - Choose a good Password and change it if you even think for a second its been compromised Link to comment
pete25 Posted December 14, 2011 Author Share Posted December 14, 2011 the reason i have the linksis setup the way it is in the pic is because the switch and linksis is upstairs in the home (better wifi signal) but i can acses my unraid by wireless just fine. all passwords have been changed..my ssid name has been changed but not hidden because i had connection problems but everything has been changed.. it sounds like i have already done what i can to secure my network so i should be ok then.. thanks to everyone for your replys least i no now i have done everything i can.. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.