[REQUEST] Recommend a NAS Solution

[mmerry]

I am very leery of recommending QNAP. Lots of vulnerabilities.

QNAP fixes critical bug letting hackers inject malicious code

QNAP is warning customers to install QTS and QuTS firmware updates that fix a critical security vulnerability allowing remote attackers to inject malicious code on QNAP NAS devices.

www.bleepingcomputer.com

Listening to Security Now and Steve Gibson basically hates them. I think they are much less vulnerable if they are only used internally and don't have a web presence. I much prefer Synology though.

 

[britechguy]

Listening to Security Now and Steve Gibson basically hates them. I think they are much less vulnerable if they are only used internally and don't have a web presence.

The following is not meant to start a flame war, but what thing, any thing, that connects with cyberspace will not have a vulnerability or many vulnerabilities found if someone pounds on finding them hard enough?

The BleepingComputer article referenced is about a fix being pushed out for identified vulnerabilities, and these happen all the time, for every vendor in existence. You can't fix what you don't know about, and often you can't know about something until some clever hacker discovers something that was formerly unknown.

Computer security is by its very nature much like Spy vs. Spy in Mad Magazine. It's a never-ending game where no one ever stays on top forever. Provided that identified issues are patched, and as promptly as possible, by the makers there's not much more that can be done. And even the very best patches, provided at lightning speed, are of zero use if their application is non-automated and the person(s) who should be doing them with all possible dispatch choose not to do just that.

 

[Galdorf]

For the video part of it i would use jellyfin instead of plex thing about plex is that copying to mobile devices has been broken for some time sometimes it works other times it does not and now it is bloated with live tv and games and a video rental service.

I have personally switched and find it much better it is more customizable and works better with music and has many plugins that are free it is 100% free.

As for NAS i would go TruNAS scale i would not go for NAS hardware i find that cpu is sub par as well as video transcoding i would build a small form pc with an intel cpu with quick sync as well as an nvidia card gtx 1050 and up also use docker.

 

[YeOldeStonecat]

Any brand out there will have vulnerabilities/exploits. I love Synology (back when we used them)....they have their issues at well.
We never sold Western Digital ones..but...we saw TONS of "pwned ones" from that big exploit that went around a couple of years ago ransoming them.

As usual, best practice, keep them up to date.
And..there's more risk if you stick them outside your firewall to access them remotely.

 

[Galdorf]

The hack that LastPass had was from a vulnerability in Plex from one of the devs at home.
Software based NAS are usually more up to date than Hardware based systems you can do your own hardening as well if you run linux based server any software can have vulnerabilities but i prefer building my own server running on linux then i can do custom hardening facing the internet.

 

[labtech]

I am very leery of recommending QNAP. Lots of vulnerabilities.

QNAP fixes critical bug letting hackers inject malicious code

QNAP is warning customers to install QTS and QuTS firmware updates that fix a critical security vulnerability allowing remote attackers to inject malicious code on QNAP NAS devices.

www.bleepingcomputer.com

Listening to Security Now and Steve Gibson basically hates them. I think they are much less vulnerable if they are only used internally and don't have a web presence. I much prefer Synology though.

His QNAP model is a DAS (Direct Attached Storage, via USB for example), not a NAS. Therefore, those vulnerabilities do not apply. Otherwise, for the NAS versions, yes it may an issue.