Perhaps you recently decided to add enterprise NAS storage in your data centre. Now you’re wondering about the best ways to secure this new technology upgrade. Or perhaps you’ve had your NAS storage for a while, but you’re concerned your data isn’t fully protected. Either way, if you’re responsible for protecting company information, it’s essential to implement a security plan for resilient storage infrastructure.
Enterprise NAS systems can be a great asset. They provide flexibility and can scale up to suit growing business needs. However, many organizations do not have a security plan in place. These tips will ensure a secure and safe data center.
Restrict remote access to your network attached storage
The first thing you must do is ensure that remote access to your NAS storage is restricted. It gives users the ability to remotely configure and manage storage on the NAS server. Make sure that the remote access feature is disabled.
To disable remote access, log into your NAS server as an administrator and navigate to storage> Manage Shared Folders. Click on Users and Groups. Under Administrative Users, select Disable Remote Access for all users. Note that this process may differ depending on your model.
Share files, not folders
Do not share folders with external users because it will access all files inside the folder. If you want to share files, use a shared link instead of a folder and do not share the entire NAS device with other users as it makes your data more vulnerable.
Use strong passwords
Do not use default passwords. Make sure it combines upper case letters, lower case letters, symbols, and numeric characters.
Choose an easy password for you to remember but difficult for others to guess or crack. If the NAS has a “hidden” administrator account, be sure to disable it – do not enable it for remote administration. A hidden admin account is only useful if an intruder does not know about it.
Use high-quality encryption
Encrypting data is one of the best ways to ensure your information remains safe from thieves, hackers, and other threats. Many modern NAS devices have built-in encryption, so you don’t need additional software. Others may require purchasing encryption software.
Encryption comes in many different varieties but is usually one of three categories. Symmetric encryption (such as AES), asymmetric encryption (such as RSA), or hashing (such as SHA-256).
Use anti-ransomware protection
The NAS system should have a firewall, anti-malware, and security software that prevents any unauthorized access to the system, including access via remote desktop. The NAS server should also have an intrusion detection and prevention system that monitors all activity on the server. Any unusual activity should trigger an email alert to designated administrators.
Use VPN whenever possible.
A NAS is designed for LAN connectivity, and most NAS devices offer to configure the unit for your network over Ethernet. This, however, leaves it vulnerable to a lot of threats.
Do not expose NAS to services like Telnet through Internet for direct access for external users. Use SFTP and RDP/VNC protocols for secure remote access.
If you have to use these features, you are better off creating a VPN connection with your storage.
Use strong firewalls
Your storage should be placed behind a firewall in a demilitarized zone (DMZ). This will prevent unauthorized Internet access and protect the NAS from outside threats posed by malicious entities looking to steal your precious data.
Don’t forget to utilize features that are already built into the device.
Modern NAS systems come with many other features to improve data security. Features like WORM volumes maintain your data in an unalterable state, making it difficult for anyone to delete. Snapshots is another excellent feature that takes point-in-time backups of your data and restores it to that time when an error occurs. Furthermore, many NAS appliances offer replication to multiple offsite locations. Stonefly also offers a cloud connect feature that integrates Veeam, Amazon AWS, and Microsoft Azure into a single platform.
Use access-control lists to limit users’ privileges
Access control is not an easy process, but it is a must to ensure data security. It can help you restrict users’ access to specific files and folders and prevent a malicious user from accessing critical information or stealing your company’s data.
An access control list (ACL) is a list of names or IDs that restricts what users, groups, or computers can do. You can use an ACL to prohibit or allow access to specific files or folders on your storage device. You must first create one or more standard access control entries (ACEs) to create an ACL. Each ACE contains a user, group, or computer name; the type of access allowed (read, write, or execute); and the protected path to the resource.
To prevent accidental or malicious deletion of data, you can set a user quota on each user account for how much data can be stored on the NAS. If a user attempts to exceed their quota, you will receive an alert.
Have a disaster recovery plan
Your NAS storage should be kept in a secure, monitored location. The data stored on the NAS should be backed up to another offsite location or on the cloud. It is always recommended to have a full backup of your storage to backup and DR devices so you can recover all your data with minimal effort in case of an attack.
Bottom Line
Security should be considered from the beginning of storage deployment. As part of the acquisition process, organizations must assess their security requirements. With this information, organizations can ensure an ideally placed storage solution that is resilient and robust.
