How are jails connected to the rest of the system?

Status
Not open for further replies.

avpullano

Dabbler
Joined
Dec 30, 2012
Messages
42
I'm preparing to start using SSH access to one of my jails (a ports jail, if it matters). I spend several months at a time outside of my home country and I want to be able to access a jail while away. I've actually already set up the SSH connection and used it successfully, but I've disabled it while I ensure that my security is up to par. I am going to set up an IP whitelist along with key-based authentication, both within the ports jail. I cannot set up the whitelist on my router (its firmware is garbage, but I'm stuck with it for now). Since all of the security will reside in my FreeNAS box, I want to make sure that I understand all possible points of failure.

So my question is, are there any ways to access any part of my main FreeNAS system from inside of a jail with no mount points?

I know, I'm being paranoid. I just want to make sure that if someone finds a loophole to get into my exposed jail, they won't be able to mess with my NAS volume. I understand that nothing is ever 100% secure, but I would hate to find out that leaving default option X would allow an attacker to gain access to my data. For example, I have a CIFS share configured to allow guest access (my cousins like to come over and quickly swap family photos). Could this be dangerous even though I'm only exposing my jail?
 

marcevan

Patron
Joined
Dec 15, 2013
Messages
432
Technically, the only non-storage mount sharing is the epair pairing of half in the jail and half to your main NIC.
 

avpullano

Dabbler
Joined
Dec 30, 2012
Messages
42
Interesting. I had no idea that they were connected by epair. So a jail is no more connected to the rest of my FreeNAS system than it is to any other device on my network? If I'm understanding correctly, epair is just a virtual ethernet connection. Cool.
 