Security Issue? Open CIFS ports on router?

[HaGGardSmurf]

Hey guys

I'm wondering about the security issues with opening ports 137 138 139 and 445 to the world. I have a need to upload + download files to my NAS remotely.

I generally do most of my uploads and downloads from my android cell phone, and currently I've found an app called ES File Manager which works on CIFS to browse files. I've configured it to be able to connect remotely to my freenas server i've built and forwarded the ports in my router.

However my question is how secure would this be? I've heard of people hacking NAS servers and uploading bitcoin miners and I definitely do not want that, what kind of security could I put in place? Is there a better method to do what I want to do with freenas?

 

[DrKK]

Sir.

Put the FreeNAS down.

Put it down now before anyone gets hurt.

 

[D4nthr4x]

You should stop that now, and instead set up certificate based SSH (SFTP) authentication...

 

[DrKK]

Seriously, if you opened 137, 138, 139, and 445 to the WAN already, the Chinese and the Russians are already mining coins. CLOSE THOSE PORTS *NOW*

 

[cyberjock]

I give him 10 minutes with those ports opened before he's pwned.... LOL!

 

[RussianMafia]

I'm wondering about the security issues with opening ports 137 138 139 and 445 to the world. I have a need to upload + download files to my NAS remotely.

Comrade,

Is absolutely no problem to be having these ports all open. You have heard of the Open Source, or the Open System, da? Is good. Open port is exact same. Also good. More open ports you have, better is. More, how you say it, "user friendly". Makes things easier for everyone, da? Please be paying no attention to people saying not to open these ports because is bad and blah blah blah. These people are selfish capitalists and care only to keep both ports and freedom closed, we think! Even better to be turning on all services this way, then box is like nice swiss army knife, da? Always available with the blades and scissors little thing for opening the wine bottles, and you never have to break nail trying to open! We make metaphor, but am sure you understand. No security problems at all!

Also, if not so much trouble, can you please reply with IP address of your machine? We make sure is safe for you. Free service offered as hand of friendship to west! Spasibo.

 

[D4nthr4x]

^^^ 同上

 

[DrKK]

Товарищ, этот молодой капиталистической появляется не иметь фундаментальное понимание сетей. Если все американцы это глупо, мы будем иметь, как говорится, "День поля".

 

[DrKK]

This is when Cyberjock comes in and quotes the "English only in English subforums" rule and deletes our funny threads. :(

 

[HaGGardSmurf]

Relax...

I built a piece of crap system out of garbage components I have left over from upgrades and whatnot i've done over the years. If there is a miner on this system they'd be lucky to mine even one bitcoin in 30 years... After I make my descision about freenas or a prebuilt proprietary nas box I will be dismantling and throwing these components back in my drawer.

Anyhow, I've got FTP setup how do I enable SFTP is it as simple as turning SSH on?

 

[anodos]

If ssh is enabled then you should be able to sftp. I personally use filezilla as an sftp client. Unless I have specific reason not to, I set up a jail for sftp connections and chroot, and port forward to jail. Google sftp chroot.

 

[D4nthr4x]

Disable FTP, enable SSH. SSH is a full secure shell tunnel that allows you to run FTP encased in the secure connection. I think you should read up more on SSH and FreeNAS, and maybe security in general before you start opening your network.

 

[anodos]

Disable FTP, enable SSH. SSH is a full secure shell tunnel that allows you to run FTP encased in the secure connection. I think you should read up more on SSH and FreeNAS, and maybe security in general before you start opening your network.

Actually, SFTP is a distinct protocol. It is not the same as FTP over SSH (which is something you really don't want to do).

 

[D4nthr4x]

No it is one and the same: http://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol You may be thinking of http://en.wikipedia.org/wiki/Simple_File_Transfer_Protocol But no one uses that shit and it shares the same abbreviation but when anyone is talking about SFTP they mean FTP over SSH, which isn't a distinct protocol and is part of SSH.

 

[anodos]

No it is one and the same: http://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol You may be thinking of http://en.wikipedia.org/wiki/Simple_File_Transfer_Protocol But no one uses that shit and it shares the same abbreviation but when anyone is talking about SFTP they mean FTP over SSH, which isn't a distinct protocol and is part of SSH.

From above-linked wikipedia article entitled "SSH_File_Transfer_Protocol":
"SFTP is not FTP run over SSH, but rather a new protocol designed from the ground up by the IETF SECSH working group. "

 

[SmallGuy]

Just to throw oil onto fire, and to increase confusion, there is also this one: FTPS :D
http://en.m.wikipedia.org/wiki/FTPS :D

 

[D4nthr4x]

Functionally the same thing, it's still a ftp over ssh it just isn't the FTP over ssh.

edit: To be clear I thought you were saying SFTP was a distinct protocol from SSH, not that it was a distinct protocol from FTP. I never meant to say it was The FTP over SSH but just a FTP that goes over SSH.

 

[Starpulkka]

Njet ftp
Kokeile OpenVPN Connectia tai muuta. Putinin puhelimessasi.

 

[HaGGardSmurf]

Why dont I setup a VPN and access my files that way?

Thats the most secure method I gather?

 

[anodos]

Why dont I setup a VPN and access my files that way?

Thats the most secure method I gather?

It's the best solution for remote access. A good way of doing it is setting up an old computer with a couple of good nics as a pfsense firewall.