MyCloud as local network device only

hi,

I have MyCloud device 2.gen and would like to use it only local in my home network accessing it wireless via WLAN. So no could access, no other users, no remore access.
To avoid possible security attacks it will be permanetly switched off and only when I want to access the storage I will turn it on manually.
So , my question is how to set up the MyCloud device and/or my network to prevent vulnabilities? Well, I will turn off the remote access option, but is there something else I could set up if using the MyCloud only as wireless network device in my home network?

thanks

Disable remote access via the My Cloud Dashboard and make sure there are no port forwarding entries in your router to the My Cloud. Further one can set all Shares (but Public) to Private and assign/limit access to them via the My Cloud Dashboard. Further turning off SSH and FTP if they are enabled will help limit other access to the My Cloud.

Of course none of those suggestions help if you do not lock down your local network’s WiFi and Ethernet. No WiFi guest network that does not have a password. Use WPA2 where ever possible. Do not allow anyone you do not know and trust to access your network.

how do you mean this? could you explain

Further, when disabling the remote access will I be able to access the MyCloud device via the MyCloud app on the mobile device?

See the My Cloud Dashboard where one can configure Public/Private access to all Shares except the main Public share. When a Share is set to Private one can control who (users created through the My Cloud Dashboard) has access to the Share. The options are; no access, read only access, full access.

If you haven’t already done so see the My Cloud User Manual (https://support.wdc.com/product.aspx?ID=904)or embedded Dashboard Help for more information on how to configure a Share to Private and set access to it.

One can still access the My Cloud using the My Cloud mobile apps so long as they are connected via WiFi to the same local network as the My Cloud. One may have to remove and re-add the My Cloud server to their WD mobile app if they initually configured the app to use the MyCloud.com login.

ok, i understood.
But to clarify who do you mean with “they” and “their” in the above? sorry for my English

When one adds a My Cloud to their WD mobile app they have the choice of finding the My Cloud on the local network, or finding a remote network My Cloud using the MyCloud.com web portal login.

If one added their My Cloud using the MyCloud.com portal login it is possible that My Cloud may not be accessible if one disabled broadband access to that My Cloud even though the mobile device is connected, using WiFi, to the same local network as the My Cloud. The solution is to remove the My Cloud entry in the WD mobile app and re-add the My Cloud entry using the local network My Cloud.

Hi,

I dont know what messed up… After a reboot of the MyCloud device it got again new IP adress (DHCP was enabeld). It happens so often, I dont know why, it makes me angry :frowning: . Anyway, I then set a static IP. Then I also checked that remote cloud access is turned off.
As a result of both:

  • Login in the dashboard with no problem
  • Access the MyCloud device via the MyCloud Desktop App for Windows - I needed to remove the saved device, because it had the old IP adress, then restart the app and the device with the new IP was found.
  • Access the MyCloud device via the MyCloud App for Android - I needed to delete the app data in the Android settings, then launch the app again and needed to login again with my username/password for mycloud.com.
    So far so good. But at the end I wanted to login in the mycloud.com via IE. Login succeeded but now it says that it is not possible to connect, device is offline. All tests are made in the local network. So, I dont know it the problem is because of the new (static) IP or because of the disabled cloud access? Or because of both? I dont know how to force mycloud.com to remove the device shown as offline (as it is online for sure, because I access it via app, dashboard, network explorer etc.) and search/find it again.

I hope you can help. And hopefully I dont need to reset the device again :-/

thanks

When you turn off remote access/cloud access in the Dashboard you can no longer access the My Cloud remotely using the MyCloud.com web portal.

even if I am in my local network where Mycloud is connected to the router?

but why I am able to access the MyCloud with disabled cloud access via Dashboard, via MyCloud Desktop app for Windows , and even with MyCloud app for Android?

Yes. When you turn off remote access you can no longer access the My Cloud using the MyCloud.com web portal.

The My Cloud is generally a network attached storage device (NAS) with limited remote access (cloud access) capability. When you disable remote access your My Cloud is STILL accessible on the local network. All one is doing when disabling remote access is turning off the ability to access the My Cloud from a REMOTE location using the MyCloud.com web portal, and the various WD software/mobile apps. The My Cloud software/mobile apps will still access the My Cloud over a local network with remote access disabled.

I have been playing with the settings. . .and I find them somewhat “strange”.

I find that if I turn off Remote Access, I can still access the device from my phone away from home- - > if my phone has an established VPN link to the router (I use VPN software on the router to establish a link to the router). (note that this doesn’t seem to work with wd.com)

I also find that if I have Port Forwarding correctly set on the router - – > I can get remote access using the WD app on the phone regardless of VPN status. (i.e. this stresses the importance of addressing BOTH the router and the NAS; depending on how you are set up). The implication is that the box is always “listening”.

Security can be a real headache.

What is your firmware version?

@Bennor what would you say?

If you have established your own VPN connection between the phone/mobile device and the router, then (typically) the phone/mobile device will have full access to the local network including the My Cloud and any other device on the local network. That would explain why the WD mobile device can still access the My Cloud even with remote access within the Dashboard disabled. Disable the VPN connection from the phone/mobile device to the router (and disable the phone’s wifi) and check if you can still access the remote My Cloud.

By using VPN you are establishing a separate and secure tunnel to your network and all devices on it. When one enables remote access in the My Cloud Dashboard they are only enabling a secure tunnel (using mycloud.com or the mobile apps) to the My Cloud device only.

Bennor;

Thanks for the response.
I did not realize the VPN operated that way - - -> I am a bit of a noob with VPNs.
Actually. . . .I am pleased that this seems to block wd.com; but I can still access the system remotely (and with VPN, which I want to use to access the network anyway).

I am still figuring out certain aspects. . . .I have two WD (different) MyCloud devices and they seem to be behaving slightly differently. Fun. (sort of)

If I set a share as private but then allow all my users (created through the My Cloud Dashboard) the access this share - is this private share then actually public?
And the opposite: If I set a share as public but then fully block the access to it for all my users (created through the My Cloud Dashboard) - is this public share then actually private?

So with other words: what is the relation between the public option and the access level settings of the shares?

There appears to be some confusion over public and private shares. Generally to access a public share one does not need to enter in a user name and password to access the public share. All users have full read/write access in a public share.

Generally for a private share one must enter in a user name and password in order to access the private share. It won’t matter what setting (read only, full access, no access) a share has. If set to Private then either one cannot the contents or they have to enter in a user name/password to have either read only or full access to the share contents.

With a public share, anyone who accesses your local network will typically be able to access and see the public share’s contents.

For example WD by default creates a single public share called Public. Officially one cannot set the share called Public to private. Hence there will always be one share on your My Cloud that is Public and can be accessed by anyone on the local network. Unofficially there are various ways other users have tried to either hide the share called Public or configure it so it’s a private share.

One additional note. When Media Serving is enabled on a private share that media will be accessible to any DLNA client on the local network. The DLNA protocol/standard does not recognize user permissions on files/folders. If there is media you do not want to be shared to DLNA media clients make sure to turn off Media Sharing for the share in the My Cloud Dashboard.

ah ok, that is clear, thanks.

I remember to have seen in the settings ot the default Public share in the Dashboard that there is a switch TurnOFF/ON to be private. I turned it on and the change was enabled.
Am I wrong ? Dont have the MyCloud to access and verify this…

On the single bay My Cloud (first generation v4.x firmware at least) the default Public Share cannot be set to private. The option is grayed out.

All other Shares including user created Shares can be set to Private.

on my 2. Gen device the Public Share can be set to private