Email from ISP Notifying Security Problem

My Cloud OS 3 Personal & Network Attached Storage My Cloud EX2
1

Hi all,

Looks like security has been talked about to death, but I can’t find anything related to securing rsync.

CONCERN: I received the following warning from my ISP:

  • XX.XX.XX.XXX :
    • Open rsync : A publicly accessible rsync server can lead to exposure of sensitive data.
      • Module: Public;SmartWare;TimeMachineBackup;“PROCEEDS TO LIST ALL OF THE SHARES ON MY DRIVE”

Security Advisory Event 9406

Concerned because they were actually able to see ALL of my shares.

GOALS: Resolve this security problem while still being able to:
1. access my files remotely
2. Perform a remote backup to an offsite mycloud.

Has anyone used FortressSecure? Would that solve this problem?

Other Details: Current setup already has:

  • all shares ‘Public Access’ set to off, individual users setup as needed.
  • HTTPS, Remote Backup and SSH port forwarding setup (both myclouds backup unique shares to each other, so both have this port forwarding setup)
  • Remote server is turned on for the backups to work.
  • Cloud access is turned on.
  • AFP, NFS, SSH on
3

Thank you, but that response is so vague it’s really unhelpful.

Are you saying there is no way to secure the server and maintain any cloud access or remote backup? When those things are turned on it’s always open to the public?

5

Thank you for your time.

Can anyone help me with options to secure this device and maintain functionality? I don’t think what I’m asking is impossible?

7

Actually, no you didn’t. All you told me was that my setup was not secure. Which I already knew. That wasn’t helpful.