Here are a few things you can do to secure your FreeNAS box if you have Internet access enabled for some services.
This list will be updated as I learn more tips. (If you have a tip, send it to me.)
1. Don’t allow the root account to access SSH. Under Services/SSHD, make sure the Permit root login box is NOT checked. If this is checked, someone can log in as root if they know or crack your password. If this is not checked, they must guess your user ID and your password.
2. Don’t use ‘admin’ or ‘administrator’ as your ID for webGUI.
3. Don’t use HTTP for web access. Use HTTPS. You do not need a security certificate to do this, though you will get a warning message if you don’t have one.
4. Don’t use FTP. In fact, make sure FTP is disabled. Use an SSH connection from your FTP client to encrypt your traffic.
5. Check your logs regularly. While FreeNAS has security measures to protect against some brute force attacks, it never hurts to make sure you have not been hacked into.
6. For the love of god, please please please have some kind of hardware firewall in place. Netgear or Linksys routers work nicely. Only pass through the ports you need to make services work, for example port 22 for SSH and port 443 for HTTPS. On a Linksys router, this setting is under the application/gaming section of the router configuration.
7. Use a long password that is not a word found in any language dictionary. (Google your proposed password. If it has no hits in Google, that is a good thing.) Include numbers as part of your password.
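
A scripted version of tips 1 and 5, added here as an example and not part of the original post: it reads the effective `PermitRootLogin` value from an sshd_config and summarizes failed and accepted SSH password logins per source address. It assumes OpenSSH's standard syslog message wording; the function names, host name, addresses, sample lines and the threshold of 3 are constructed for illustration.

```shell
#!/bin/sh
# Added example; every sample value below is constructed for illustration.

# Print the effective PermitRootLogin value from sshd_config text on stdin.
# sshd uses the first occurrence of a keyword; "#" lines are comments.
permit_root_login() {
  awk 'tolower($1) == "permitrootlogin" { v = tolower($2); exit }
       END { print (v == "" ? "unset" : v) }'
}

# Summarize sshd password events on stdin, one line per source address.
# $1 = failures that must precede a success before it is counted as suspicious.
ssh_login_summary() {
  awk -v min="${1:-3}" '
    / sshd\[[0-9]+\]: (Failed|Accepted) password for / {
      ip = ""
      # Take the address after the LAST "from", so a user named "from" is safe.
      for (i = NF - 1; i > 0; i--) if ($i == "from") { ip = $(i + 1); break }
      if (ip == "") next
      seen[ip] = 1
      if ($0 ~ /: Failed password /) {
        fail[ip]++
        if ($0 ~ /password for root from /) rootfail[ip]++
      } else if (fail[ip] >= min + 0) hit[ip]++   # success after a failure burst
    }
    END { for (ip in seen)
            printf "%s failed=%d root_failed=%d accepted_after_failures=%d\n",
                   ip, fail[ip], rootfail[ip], hit[ip] }' | sort
}

sample_sshd_config() {
  cat <<'EOF'
# PermitRootLogin yes
Port 22
PermitRootLogin no
EOF
}

sample_auth_log() {
  cat <<'EOF'
Mar  3 02:11:07 freenas sshd[812]: Failed password for root from 203.0.113.9 port 50122 ssh2
Mar  3 02:11:09 freenas sshd[812]: Failed password for invalid user admin from 203.0.113.9 port 50124 ssh2
Mar  3 02:11:12 freenas sshd[815]: Failed password for invalid user test from 203.0.113.9 port 50130 ssh2
Mar  3 02:11:15 freenas sshd[817]: Accepted password for dave from 203.0.113.9 port 50140 ssh2
Mar  3 08:30:01 freenas sshd[901]: Accepted password for dave from 192.0.2.10 port 40022 ssh2
Mar  3 08:31:44 freenas sshd[905]: Failed password for dave from 192.0.2.10 port 40030 ssh2
EOF
}

echo "PermitRootLogin: $(sample_sshd_config | permit_root_login)"
sample_auth_log | ssh_login_summary 3
```

Any address with a non-zero `accepted_after_failures` count is the one to look at first: a password login succeeded from a source that had just been failing.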
David:
I’m quite new to this stuff, but I’m finding it a bit too hard to find help related to this matter. You discourage the use of FTP under FreeNAS. How should I connect for navigation and upload/download from a remote computer?
I have already configured SSH without problems, but it seems not enough for upload/download, but for managing files and folders instead.
If FTP IS the answer, anyway, I’m finding it hard to make it work. Using default ports and routing through the router seems not to be working or I’m not understanding it the correct way.
My router is a Linksys WRT54GL. Quite a standard model, I guess.
Kudos.
Alejandro,
FTP client software, such as FileZilla, which is open source freeware, can connect to your server over SSH. So, essentially, you get the same access as FTP, but the advantage is that it is encrypted. Give FileZilla a try, setting your server type to SFTP on the connection manager.
Hi David!
Thank you for collecting and sharing your tips. Great and very useful work.
Regards from Austria
Wolfgang
Hi,
Why discourage the use of ftp? Why not use ftp with SSL/TLS?
/regards
Qualle,
The article was written in 2007. Since that time, much has changed in FreeNAS, including the addition of functional SSL/TLS. However, I have stopped using FreeNAS at this time, so I cannot offer help with the new features.
May I ask what you are using instead of FreeNAS?
Sadly, I caved in and got Windows Server 2008 R2. I know… I’m a sellout. LOL. Actually, since my day job uses Micro$oft technology it made sense for me to use it at home to learn it better.
Yea, sorry, I noticed a little too late.