April 30, 200818 yr I was telling a friend about UNRAID today, and he asked me what stops hackers reading off my drives if they are on 24/7. I had not considered it much before. My router has WPA for Wifi and a firewall, but how easy would it be for someone to access the "tower" from the out side?
April 30, 200818 yr Wow! Paranoia runs deep in some. Having drives on 24x7 makes them no more hacker-accessible than those that are spun-down. As long you practice good security on wireless (like WPA) and have a good firewall, you should be fine. That doesn't mean you are hacker-proof, but the only way to accomplish that is to take your unraid completely offline which, of course, eliminates the reason for having it in the first place. Cheers, Bill
May 1, 200818 yr True, a server can be hacked even if it's just on for a minute a day. However, if you have it turned off when not in use, then it's impossible to be hacked into during that time. It's not necessarily that bad of a thing to do from a security standpoint (I must mention that I leave mine on 24/7 though). Anyways, here's the short of it. If there's a way for you to access your unRAID box remotely (for example, while you're at work), then you probably have an insecure setup. If your unRAID box isn't directly connected to the internet, and you're not forwarding ports to it, then you're pretty safe. If you do have to access it remotely, then start looking into vpn solutions. There are ways to make your setup even more secure. You can have your network segregated, have one part that's allowed to see the internet, and one part that's not (and unRAID is on that part). You can also encrypt any sensitive data, so if your server is hacked they've only gotten access to stuff like vacation pics and the like. It's pretty simple, look into something like TrueCrypt. You can have a disk image stored on unRAID and mount it on your local PC whenever you need access to the files.
May 1, 200818 yr He didn't say having the unraid on 24/7, he said having the drives spinning 24/7. I interpreted this as not spinning down the drives vs. spinning them down. If instead he is talking about leaving the box itself on all the time, then yes, there is a simple direct relationship between "on" time and hacking. Regardless, it is a small differentiation and an even smaller issue - we can't go around being paranoid about being hacked. Just be smart, do the basics, and quit worrying so much. The other thing to point out is ... what the heck does a hacker want with my home photos, ripped DVDs, and music? While there are a handful of folks storing files on their Unraid worthy of being hacked, 99%+ of us are boring. My more critical files (to a hacker) are on my main computer - credit card numbers, passwords, etc. Bill
May 1, 200818 yr If you are worried about attacks this much so 2 things: Stop using wireless. A neighbour could easily be recording all your wireless with a view to breaking the encryption one day. WPA is secure but so was WEP until it wasnt. Disconnect your internet connection every time you dont need it Overlkill? Almost certainly but it is a non technical way to increase you security massively. Otherwise as the previous poster says use common sense. Assume nothing. Always patch. Trust no one. Know your system, know where it is weak, know it well enough to spot when something is wrong. I will leave you with a parting thought.... How often do you review your system logs? Most successful attacks can be stopped by reading your system logs daily? Hackers are invariably noisy for a long time before they are successful.
May 1, 200818 yr The other thing to point out is ... what the heck does a hacker want with my home photos, ripped DVDs, and music? While there are a handful of folks storing files on their Unraid worthy of being hacked, 99%+ of us are boring. My more critical files (to a hacker) are on my main computer - credit card numbers, passwords, etc. Hackers don't always want your photo's dvd,s. More critical sensitive files that could provide a way of giving away identity yes. Some kiddie script hackers generally like to let people know they broke into a system and will usually post some bulletin. Owned by "some slang name". Today's more modern hacker generally goes for control of the station. I.E. Borrow it's resources to build up a bot net. Then add it to a bot net to crack other computers and/or send out spam. As a sysadmin for a hosting company I see these attacks all the time. Sometimes I will let them in just to grab their latest bot. Grab information, passwords, attack methods and add automated methods to block them. Other times hackers will use your broken computer as a resource to allow other people to borrow it's storage. I.E. to store warez or porn. This happened to a friend of mine. She put a computer on the net unprotected for a short period. It was broken into (It was a bastion host anyway). Within hours it was filled up wtih 4GB of porn. Now, getting back to the core question. First and foremost are issues of your network security. If your network is insecure. (open wireless, open ports forwarded to unraid) then you will have issues. unRAID has it's issues regarding security. If you do not set a root password, once anyone gets into your network, They can access the HTTP server and "control" the unRAID environment and status. They can access the FTP server and put or get files. They can access the TELNET server and navigate interactively around your system doing all sorts of nasty things. Therefore it's really important to set the root password If you set a root password the base environment is protected to some degree. If you do not have user level security, I "believe" the shares are accessible with SMB. (Someone correct me if I'm wrong). If you have user level security and the shares are password protected, now your SMB shares are only accessible with the user passwords. I have not enabled either of these yet, however my network is secure and I have all sorts of monitoring going on. I do plan to enable these shortly after my hardware build has been completed. Right now it's a work in progress.
May 1, 200818 yr Wireless is pretty pretty hard to hack right now (talking about using the latest authentication and encryption methods of course) - pretty hard meaning, really impossible to "casual hackers" (please show me a way to hack a WLAN with WPA/AES -maybe even 802.1x-, MAC filtering and DoS/IDS protection mechanisms using equipment that costs less than $20000... or more). All this talk looks to me like the guy that spent thousands of dollars for backups of backups of unRAID arrays of unRAID arrays (or too much money to spend - I can give my address for a better use, like paying my house's mortgage). Anyway, I don't see how would someone spend the time and resources to (try and) hack a house installation. Is someone very famous living there and the array stores naughty videos of him/her? As someone else proposed, switch off your wireless to save yourself from the paranoia. I know I did after my child is born (and maybe for the next year). Of course LAN goes wherever I want already.
May 2, 200818 yr maybe I'm missing something here but isn't there a way to keep unRaid from going online? even when it's part of a LAN that's connected to the internet. I'd only want it to have an internal IP (assigned by the router) without internet access.
May 2, 200818 yr maybe I'm missing something here but isn't there a way to keep unRaid from going online? even when it's part of a LAN that's connected to the internet. I'd only want it to have an internal IP (assigned by the router) without internet access. In a default arrangement, the unraid server will not be available to the internet. Most of the time it will be assigned an internal IP address and unless you do something specifically, it will not be available via a broadband connection. The possibility lies is an insecure wireless LAN. This could be as simple as handing out IP addresses via a DHCP server giving someone access to your network. This would be a mistake made and there are people who do war driving just to get internet access. Once they have done this you can be sure they will browse the network. If they find goodies they will probably want to access some files. Music movies, etc, etc. It could be harder with someone sniffing packets, finding your IP address and getting inside your network on purpose. Third level is someone compromises a windows workstation puts a bot on it that gives them access to other machines on the network. The question here is..... once someone is in your network, no matter how or why is unRAID secure enough. The core question what stops hackers reading off my drives if they are on 24/7. I had not considered it much before. My router has WPA for Wifi and a firewall, but how easy would it be for someone to access the "tower" from the out side? can simply be answered with, it would not be easy to access from the outside if good network security practices are in place (as defined throughout the thread). That being said, you should still consider server level security by Set an initial root password. Enable user level security.
May 2, 200818 yr All this talk looks to me like the guy that spent thousands of dollars for backups of backups of unRAID arrays of unRAID arrays (or too much money to spend - I can give my address for a better use, like paying my house's mortgage).
May 2, 200818 yr weebotech: Chriz: You are missing something. Your LAN IP devices are not accessible through the Internet, unless you ALLOW for this to happen. Only other way for this to happen, is if some other machine in your LAN is compromised and this machine "pushes out" details from your LAN that could potentially harm it.
Archived
This topic is now archived and is closed to further replies.