Insecure default configuration

Revan (Explorer, joined Mar 22, 2017, 81 messages)
At the moment I am setting up my FreeNAS 11.2-U2 system, but what I do not like is the insecure default configuration of FreeNAS.

1. With local access you have direct root access. There is no login required on the console. This shouldn't be the case. The user should be asked for the root password.
2. HTTPS access and a redirection from HTTP to HTTPS are NOT set up by default.
By today's standards only HTTPS should be the default configuration, and HTTP access should be forbidden. If someone really requires HTTP access, this should be configurable in the local console.
3. In the web GUI under System -> General I can't change HTTP to HTTPS. It just doesn't save the new configuration; it always jumps back to HTTP.
4. If I log off from the web GUI, I can log in again by just pressing the back button, and voilà, I am in. This shouldn't be the case. Access should be denied once I have logged out.

EDIT:
Okay, I think I now know the cause of 3.
It doesn't auto-generate a self-signed certificate, so the configuration can't be saved without adding a certificate.
It's a good thing to add your own certificate, but for the beginning and for the default configuration there should be a self-signed certificate generated during install, to make it possible to use HTTPS right from the start without an insecure connection over HTTP.
The user can still set up a real CA-signed certificate after that.
The fingerprint of the self-signed certificate should be displayed in the local console to make it possible to compare it when the user connects over HTTPS for the first time.

dlavigne (Guest)
For 11.3, FreeNAS will default to HTTPS (and provide its own certificate) but will fall back to HTTP if there is an issue with the certificate.

For #1, you can uncheck System -> Advanced -> Show Text Console without Password Prompt.

#4 sounds like a bug. If you are seeing this on 11.2-RELEASE, please report it at bugs.freenas.org.

Revan
> For 11.3, FreeNAS will default to HTTPS (and provide its own certificate) but will fall back to HTTP if there is an issue with the certificate.
Thanks for your answer. It's good to hear that this will be changed in 11.3.
In my opinion it should redirect to https:// if a user enters only http://.

I don't like the idea of a fallback. It would be better to allow the user to turn on HTTP in the local text console, or to regenerate the self-signed certificate there, if there is really a problem with HTTPS and its certificate. Normally the certificate should work.

SMB also allowed downgrading from version 2 or higher down to version 1 if there was a problem with the higher versions, but this downgrading allowed an attacker to get into the system.
If an attacker disrupts the HTTPS connection establishment, the user might try the HTTP login because of the fallback, and this allows the attacker to intercept the password.

> For #1, you can uncheck System -> Advanced -> Show Text Console without Password Prompt.
Thanks, I will do that.

> #4 sounds like a bug. If you are seeing this on 11.2-RELEASE, please report it at bugs.freenas.org.
Okay, I will recheck that and file the bug report as soon as I have time for it. At the moment I am running a hard drive test on my NAS machine, but not in FreeNAS, so I can't test it right now.

BTW, the certificate configuration menu could also use some revision. Its usability isn't the best; it should be more intuitive, but I have to take a closer look at that. I didn't have that much time for it on Friday.
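The two checks argued for in this thread, the console-displayed fingerprint of the self-signed certificate from the first post and the "never fall back to HTTP" rule from the reply above, as an added example that is not code from the thread or from the FreeNAS project. It is a small first-contact audit script: it sends a harmless GET over plain HTTP and accepts only a redirect to https:// (or a closed port 80), then fetches the HTTPS certificate without trusting any CA and compares its SHA-256 fingerprint with the value the user read off the local console. The host name, the fingerprint argument and the finding strings are assumptions of this example; nothing here is FreeNAS's own behaviour.

```python
"""Added example: first-contact HTTPS audit for a NAS web UI (assumed host and fingerprint)."""
import hashlib
import http.client
import socket
import ssl


def lookup_header(headers, name):
    """Case-insensitive header lookup; http.client keeps the server's casing."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def classify_http_response(status, headers):
    """Classify what the server did with a plain-HTTP request to the web UI.

    Only 'redirect-to-https' is acceptable. A page served over HTTP, or a
    redirect that stays on http://, is the fallback case the thread warns
    about: a login form where the password would travel in the clear.
    """
    location = lookup_header(headers, "Location") or ""
    if status in (301, 302, 303, 307, 308):
        return "redirect-to-https" if location.lower().startswith("https://") else "redirect-to-http"
    if 200 <= status < 300:
        return "served-over-http"
    return "other"


def fingerprint_sha256(der_bytes):
    """Colon-separated upper-case SHA-256 fingerprint, the format consoles and
    'openssl x509 -fingerprint -sha256' print."""
    return ":".join(f"{b:02X}" for b in hashlib.sha256(der_bytes).digest())


def normalize_fingerprint(text):
    """Accept 'AB:CD:..', 'ab cd ..' or 'abcd..' by keeping hex digits only."""
    return "".join(ch for ch in text.upper() if ch in "0123456789ABCDEF")


def matches_console_fingerprint(der_bytes, expected):
    """True when the presented certificate matches the fingerprint typed in from
    the console. A mismatch on first contact means: do not log in."""
    return normalize_fingerprint(fingerprint_sha256(der_bytes)) == normalize_fingerprint(expected)


def fetch_http(host, port=80, timeout=5):
    """One GET / over plain HTTP; returns (status, headers). No credentials are
    sent, so a TLS-stripping attacker learns nothing from this probe."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders())
    finally:
        conn.close()


def fetch_peer_cert_der(host, port=443, timeout=5):
    """Fetch the server certificate in DER form WITHOUT CA validation.

    Verification is deliberately off: a freshly installed NAS presents a
    self-signed certificate no CA vouches for, so trust is established by the
    console fingerprint comparison instead (check_hostname must be cleared
    before verify_mode, or ssl raises).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def audit(host, expected_fingerprint):
    """Run both checks; returns a list of findings (empty means all good)."""
    findings = []
    try:
        verdict = classify_http_response(*fetch_http(host))
    except OSError:
        verdict = "http-closed"  # port 80 not listening is also acceptable
    if verdict not in ("redirect-to-https", "http-closed"):
        findings.append(f"port 80: {verdict} (web UI reachable without TLS)")
    try:
        der = fetch_peer_cert_der(host)
    except (OSError, ssl.SSLError) as exc:
        # The thread's point: a broken handshake is a reason to stop, not to try http://
        findings.append(f"port 443: TLS handshake failed ({exc}); do NOT fall back to http://")
        return findings
    if not matches_console_fingerprint(der, expected_fingerprint):
        findings.append(f"port 443: certificate fingerprint {fingerprint_sha256(der)} "
                        "does not match the console value; possible interception")
    return findings


if __name__ == "__main__":
    import sys
    # Usage (assumed host name): python audit_nas.py nas.example.test <sha256-fingerprint-from-console>
    problems = audit(sys.argv[1], sys.argv[2])
    print("\n".join(problems) if problems else "OK: HTTPS only, certificate matches console")
    sys.exit(1 if problems else 0)
```

The script exits non-zero on any finding, so it can gate a first login: a fingerprint mismatch or a failed handshake is treated as a stop condition rather than as permission to retry over HTTP, which is exactly the downgrade path the reply above objects to.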