NAS Posted March 27, 2017 Share Posted March 27, 2017 We have to be careful with this. By running essentially a firmware based OS you inherently accept two things relevant to OS security: You will never get security fixes as fast as the upstream OS You place a level of trust that the OS vendor (in this case Limetech LLC) is deciding on your behalf what is a serious risk and what is not. In some ways this breaks with traditional "security in depth" which requires at its core you patch every security issue immediately regardless of perceived threat or more importanly your perception of that threat (since the days that someone can understand all-things-security and know how-all-servers-are-deployed in the wild are long since gone). For these two reason alone unRAID can never by definition be as secure and a non firmware based OS and you should plan your security policy accordingly. However for this cost along with a reduced uptime you get a lot in return not least of which is the ability to reinstall at a whim the whole OS. This is why you need to be careful when discussing CVEs etc because the way you keep your other servers secure cannot be the same as the way you manage unRAID security. There is room for improvement in the current model but it is important to set the scene that unRAID is no longer inherently insecure by design. 1 Quote Link to comment
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.