I switched to NAS from Dropbox after hearing that dropbox is not very secure. I was thinking of switching to SpiderOak but then liked the idea of having my own files locally and access them directly. But now I see that the access goes through WD - does that mean they potentially have access to all our files? Is there end to end encryption?
Any answers would be much appreciated as this was the main reason I switched.
Yeah, tehnically WD have access to all our files (Because WDMC connected to wd2go through OpenVPN. Its secure connection, but wd2go.com can see all your files.)
Need real āSecurityā - Build your own system (Source code for Kernel, bootloader and all system apps are available by GPL)
^Curious, is that the case only with Remote Access activated? Or is that the case even with it off?
>>>But now I see that the access goes through WD - does that mean they potentially have access to all our files? Is there end to end encryption?
I also liked the idea of controlling my own personal cloud. Since you mentioned security I suggest using My Cloud to locally store and serve your media files and share aaother documents within your home. I have disabled remote access on dashboard, blocked access at my router. I have full access using hard wire or wifi from anywhere in my house using iPhone, Mac, Windows, Linux.
Think you guys got it all wrong. Wd2go is merely providing us with remote access service but they do not have access to our local data unlike those online cloud provider even if itās through openvpn because they do not have our local shares login credentials. Thatās where the java API prompts you for your share logins before the drive is being mapped to the remote PC. For the mobile apps, it uses hashed credentials generated from the WD Dashboard to allow you to access your shares via webdav.
Technically what they do is to provide us with a dns forwarding service that help us to login remotely without the need to remember our dynamic ip address : port. And if your home network is not able to do direct SSL connection, it will then use openvpn to tunnel the connection to your nas.
I do not represent WD but it doesnāt take a lot of effort to read their source codes.
Thatās what I wanted to hear!! Can anyone from WD confirm this?
Thanks Nazar78 for the response. Much appreciated.
Iām conscientious about privacy rights and not a fan of dropbox (as per Snowdenās comments).
I hope more people will demand end to end encryption and not have the apathetic attitude of āIāve nothing to hideā.
WD does not have access to any of your files. Ā Wd2go is just a service that redirects you to your drive. Ā Its a direct connection if you are in port forwared mode, if youāre relayed, then the connection uses WD servers (openvpn) to redirect you to your drive. Ā
OK, but given that theyāre a man in the middle, if WD2GO is compromised, canāt a hacker capture your password (and then send you on to your own drive with you none the wiser)?
Also, seeĀ http://www.techrepublic.com/article/western-digitals-extended-service-outage-is-a-rude-awakening-for-my-cloud-customers/ ā even if itās not insecure, it is a single point of failure.
pickfork wrote:
Also, see http://www.techrepublic.com/article/western-digitals-extended-service-outage-is-a-rude-awakening-for-my-cloud-customers/ ā even if itās not insecure, it is a single point of failure.
Yes using WD2Go, like many online services, introduces the possibility of a single point of failure, but the fact is that not everyone is capable, has the hardware (or software), or wants to spend the time setting up end to end VPN (even using OpenVPN) to access their WD My Cloud. WD2Go offers an easy solution that works (for the most part) for many people to access their WD My Cloud.
On the general subject of how secure the WD My Cloud is, or that ANY entry level low cost consumer device is. The second you open up any device to access from the internet you introduce the possibility of it being hacked or accessed by others. The dirty lilttle secret which no one likes to talk about with the masses, pretty much any device that is not 100% āair gappedā is a security liability. Even āair gappedā devices could be vulnerable in the wrong hands. If you have truly sensitive data then either donāt put it on a device connected to a network, or invest in enterprise level devices and security and practice enterprise level security procedures. The masses lives under the illusion of security when it comes to their PC and internet connected devices.
Iām hoping my comments/questions here actually belong in this threadā¦
My goal:Ā understanding what I need to do on my (WD MY CLOUD) NAS to make the default Shares secure.Ā Read on.
Follow my train of thinking here for my concerns with security :
1a. many (all?) of the default Shares on this NAS (eg, Time Machine backup, Smartware, I believe even my initial āadminā userās home/personal share) are setup with āPublicā access
*and*
1b. by default, these same shares are setup with what I see as the public/guest accessā¦ie, no real credentials required.
2.Ā If āremote accessā is indeed turned āonā for my NASā¦
Then, can somebody explain how my data on my NAS is indeed āsecureā?Ā That is, couldnāt *somebody* (eg, Wd2go, possibly others on the internet???) access those default Shares?
I *could* see it being secured for a Share with Private access, or requiring credentialsā¦but, otherwise, itās not clear to me.
Ohā¦furthermore, with my original train of thinking, does it then make sense to make the T.M.-backup and Smartware shares āprivateā and requiring credentials?Ā (Can that be done once backups for these are already setup for those default Public/guest Shares?)
thanks
Ben
bmoir wrote:
Then, can somebody explain how my data on my NAS is indeed āsecureā? That is, couldnāt *somebody* (eg, Wd2go, possibly others on the internet???) access those default Shares?
I *could* see it being secured for a Share with Private access, or requiring credentialsā¦but, otherwise, itās not clear to me.
Ohā¦furthermore, with my original train of thinking, does it then make sense to make the T.M.-backup and Smartware shares āprivateā and requiring credentials? (Can that be done once backups for these are already setup for those default Public/guest Shares?)
The answer to your questions is to simply set āPublic Accessā to āOffā on all Shares, then enable āUserā access individually on each of the now Private Share folders. At first glance it appears one cannot change the āPublic Accessā setting on the Public Share folder. Thanks to a bug in the WD My Cloud Dashboard, one can change the āPublic Accessā setting by attempting to change the name of the Public Share through the Dashboard, which will generate an error. After closing the error message one can then change the āPublic Accessā setting to āOffā on the Public Share.
Note however that resetting the WD My Cloud or upgrading the firmware may reset the āPublic Accessā setting for the Public Share folder back to āOnā. Apparently the Public Share folder is utilized by the Twonky media server.
You can solve all of this by not putting any files in the Public Share in the first place like is recommended in the Twonky/DLNA FAQ thread at the top of this subforum.
As to your question about your NAS being secure. Nothing is 100% secure once connected to a local network and or if connected to the internet. Ultimately it is the userās responsibility to secure the equipment on their local network and to set levels of access to that equipment if they can.
One further word of note. While you can configure all the Shares to require a username/password to access, keep in mind that if you enable āMedia Servingā on any or all Private Shares, a DLNA client will be able to access and view any media in that Private Share. Disable āMedia Servingā on any or all Private Shares you do not want accessed by DLNA clients. DLNA is a method for streaming media (video, audio, pictures) across the local network to DLNA enabled devices and software.
Bennor wrote:
- *-- snipped some ā As to your question about your NAS being secure. Nothing is 100% secure once connected to a local network and or if connected to the internet. Ultimately it is the userās responsibility to secure the equipment on their local network and to set levels of access to that equipment if they can.
ā snipped some ā
Bennor,
Thanks for your clarifications. They actually matched many of my assumptions based on what I had read earlier in this thread, and in other info I had seen. Theyāve given me the confidence I needed to proceed with some changes. Thank you!
One of the reasons I was confused on this matter, is that any of the documentation Iād seen thus far, including the User Manual, basically indicated to actually use the default Guest / Public shares āas-isāā¦ That is, I did not see *any* mention of *setting* a Guest password, or alternatively (as youāve described) essentially using Private shares that are user/pwd protected.
re: NAS being secure once on a local network or the internetā¦
Yes. Totally understand this (and indeed part of the main reason for my questioning of it in the first place). 
So, Iām planning to convert the T.M-backup and Smartware shares from Public to Private. Each share already has data backed up to it. Do you foresee any hiccups with what should hopefully just be an easy toggle? (I anticipate just toggle from Public to Private, and then re-connect from the āsourceā computerā¦and thatāll be it. Sound about right?)
thanks
Ben
bmoir wrote:
So, Iām planning to convert the T.M-backup and Smartware shares from Public to Private. Each share already has data backed up to it. Do you foresee any hiccups with what should hopefully just be an easy toggle? (I anticipate just toggle from Public to Private, and then re-connect from the āsourceā computerā¦and thatāll be it. Sound about right?)
Yes it is as easy as a toggle. Just click on Public Access to change it from On to Off. Then under User Access on that same screen select the permission level (No Acccess, Read Access, Full Access) for each individual user.
Where the hick-up may happen is with the PC or Mac that access that drive not popping up a username/password dialogue box after the permission changes have been made on the Share. Sometimes, at least with Windows OS, you may get a message about the folder/share being inaccessible due to not having the permission to access it after changing the Pubic Access option to Off on a Share. If the Share folder was mapped, remove the mapped folder then attempt to map it again and you should get a username/password entry box. Other times a simple restart of the computer fixes the issue.
Bennor,
Thanks again for the clarifications, to give me the confidence to toggle these Public/guest shares to āmoreā Privateā¦
I think Iāve got it setup correctly now, and seems to be working fine.Ā 
Very much appreciated.Ā Thank you!
Ben
Are you suggesting a DNS can mitm you?
| Forums | News and Announcements | Register | Help | Forum Guidelines |
Copyright Ā© 2021 Western Digital Technologies, Inc. All rights
reserved.
|
Trademarks
|
Privacy
|
Community Terms of Service
|
Site Terms of Use
|
Copyright
|
Contact WD
|