NAS vulnerability - malicious software & Ransomware

There have been many reports of attackers targeting NAS solutions recently.

What are some basic rules I can follow to help secure my TrueNAS setup against attacks like this?

  1. Never expose NAS to WAN or any remote access cloud service. Use a VPN instead.
    – Disable UPnP on both firewall and NAS
    – Do not port forward, except for a VPN
    – Do not use cloud-based remote access services
  2. Implement 3-2-1 backup strategy.
  3. Replace EOL devices/software.

It's too easy for malicious actors to find any device on a WAN.


Keep your TrueNAS box behind a properly configured firewall and you will be OK.

Those WD devices can be accessed via cloud service, LOL, obviously not a good idea.

