Slashdot Mirror
Ask Slashdot: Stepping Down From an Office Server To NAS-Only?
First time accepted submitter rawket.scientist writes "I'm a full time lawyer and part time nerd doing most of the IT support for my small (~10 person) firm. We make heavy use of our old Windows Server 2003 machine for networked storage, and we use it as a DNS server (by choice, not necessity), but we don't use it for our e-mail, web hosting, productivity or software licensing. No Sharepoint, no Exchange, etc. Now old faithful is giving signs of giving out, and I'm seriously considering replacing it with a NAS device like the Synology DS1512+ or Dell PowerVault NX200. Am I penny-wise but pound foolish here? And is it overambitious for someone who's only dabbled in networking 101 to think of setting up a satisfactory, secure VPN or FTP server on one of these? We've had outside consultants and support in the past, but I always get the first 'Why is it doing this?' call, and I like to have the answer, especially if I was the one who recommended the hardware."
If you have any expectations of maintaining confidentiality for yourselves or your clients, a cloud service is not for you. All cloud providers make claims as to the privacy of your data - when put to the test they'll hand it over to the wrong people in a heartbeat.
// -- http://www.BRAD-X.com/ --
For your own safety and piece of mind, do not do this. As a part-time support person in a small environment, you don't have the time to master the subtleties of effectively rootkitting a commercial server and maintaining special, out-of-band, non-vendor supported services on it. It's likely to break down at unpredictable times with basic system updates and network firewall changes associated with the NAS services themselves.
Strongly, strongly consider fragmenting the functions. A VPN and firewall box, running on a small physical applicance, is generally much safer to expose to the Internet than a Windows server that will requirely monthly major updates and possible reboots and possibly daily vital security updates that are too late to salvage the system from what it's _already_ been exposed to.
Oh, yes. Lose the FTP server, unless it's only for upload from your clients and there is no "browsing" function for the files already uploaded. FTP packets are sniffed on a frequent basis on poorly manged, publicly exposed routers and network switches for login names and passwords. It exposes you and your clients to all sorts of security issues if they're using their Windows login names and passwords for FTP access. There are numerous ways to do this better: gather your requirements first, and you can assess whether HTTPS, SFTP, FTPS, or something else might be better. The only reasons to use FTP now are obsolete clients that cannot be upgraded, technical people who refuse to be educated, and publicly accessible download sites with anonymous access.
So you needed a real server, and were surprised when a NAS didn't meet your requirements?
The problem isn't the NAS. It's you. If you need a real server, don't install a NAS and then whine when it's not a real server.