Everything you say is 100% true, but be sure to keep the OS up to date if you expose any IP addresses (security cameras, etc) to the world at large. NAS boxes are just about the highest of high-value targets.
Commercial consumer NAS boxes are notoriously bad wrt security though, even firewalled. Apple Airport Extreme is probably the only one with a decent track record (and I say this as someone who doesn't use Apple products).
A NAS box is going to get hacked (X), have backups neglected/misconfigured/misdelegated and then have data accidentally deleted or experience disk crashes, etc. You can improve your chances by investing time and energy on taking good care of it, but even then you can still get bitten.
(X) devices from both vendors you mentioned are pretty frequent victims
If you don’t mind the security, off-the-shelf NAS boxes, such as synology, offer all kinds of self hosting applications that you might need. Photos, videos, plex, backups, torrent, MS office replacement, chat, git, etc.
But, boy, they have huge attack surface, with so much PHP code, web servers, databases, etc running on the box.
I just use two RAIDed NAS boxes, one as a long term, large file media/data store and another for small files on SSD RAID. All my comps are now dumb terminals, booting an OS and software. Works well and was surprisingly cheap for what is essentially a complete, hassle free system.
I have a QNAP NAS device with a bunch of storage. PPoE gigabit switch. A few ReoLink hardwired cameras pointed at all the entrances to my house. My QNAP device has a free NVR app that detects the cameras on the network and saves the recordings to the NAS. It's pretty simple and I don't have to worry about shady cloud-based devices.
Whilst this is true, many NAS boxes do remain vulnerable and tend to have features that encourage users to make them world accessible (such as media servers).
Yep. I have a more modest setup but the amount of media I've ripped from owned CDs/DVDs and the number of raw photos far outweighs the handful of pirated movies I've picked up over the years.
Mainly I use my NAS as a bit of protection against losing those files that would be difficult or impossible to recover if my local storage in the workstation failed. Online backup is good too but for quicker or more frequent access, a NAS fills the gap nicely.
The other big storage hog is security cam video. There are occasional reports of burglaries in my neighborhood and sometimes I just like to know if a package was ever dropped off or someone bumped the car while parallel parking. So I picked up a couple of inexpensive IP cameras and rather than shelling out monthly for some unreliable and potentially insecure "cloud" storage plan, I use Synology's Surveillance Station IP cam software to manage recording, playback, and storage of camera footage. The amount of space on the NAS means I can easily keep a week or more worth of recordings from both cameras and with the actual NAS being stashed away out of easy view, it's unlikely to be stolen in the event of a burglary. Granted I could include those files in online storage but currently I don't have it set up that way.
Either way, the point is that many modern homes have plenty of sources of large files outside of pirated movies that can make a NAS useful.
A consumer (i.e. workplace for people who don't know better) NAS is usually Linux with a few hard drives attached via a cheerful and brightly coloured web UI - occasionally useful, some way short of secure.
I expect someone sells hardened ultra-secure corporate NAS boxes, but I've never seen any in the wild.
Don't people already do this with Synology NAS boxes? Just a normal IP camera, writing to storage and with remote access set up it should work. Not consumer plug and play, but I swear I've read about people doing this...
A NAS is generally safe if you don't do anything stupid with it (there are footguns available of course). But you can easily cut it off from the broader internet entirely.
It would be good if that was the only difference, but unfortunately NAS boxes usually lack the competent security updates and the automated delivery mechanism for them.
The trouble is, the sort of people who would buy a pre-hardened NAS are also the sort of people who would be suspicious of a pre-built unit. I know for sure I wouldn't trust anything off the shelf, I'd take the base OS and build something around it.
> A NAS is a standalone box that receives automatic updates, is 100% remote-management enabled by default, can be easily reset to factory settings,
Most NAS fail at one or more of these.
In addition 90% of them are very bad about security, and putting these kinds of devices on your company or office network transforms it from an internet access network into a garden for insecure appliances to be coddled, a stepping stone that must be vigorously firewalled, scanned, and monitored.
I'd assume that every consumer NAS device is insecure these days. I had a Terramaster NAS and was hit with a ransomware attack because of the poor security of their OS through a feature I had turned off. It caused me to look into it more and realized that all of the consumer NAS devices have had similar security issues.
You are far better off getting cheap hardware and running TrueNAS or Unraid on it as they actually get regular software updates and don't have a history of major security issues.
reply