I have a concern. I bought the MyCloud 4GB drive. I’m able to connect and load the files and access the files. No problem.
The problem I’m having is that all one has to do is download the MyCloud Software and install it. It does not ask you for credentials when you install. It automatically finds the drive and you automatically have access. So anyone standing outside the door to my appartment who gets access to my network automatically has access to my drive. Anyone in my apartment, roommate, friends of roommate, etc, only has to download the software and he can access, read and use anything he wants.
How do i prevent this from happening?
I don’t understand why WD hasn’t made this a top concern and stated how to prevent this. I remember being able to list which users can access my drive. But it doesn’t ask at all.
How are they going to get access to your secured WiFi network?
You do have your WiFi network secured with WPA or WPA2 don’t you…?
If that isn’t enough, create Users on your mycloud, and assign passwords. Then put your private data into the password-secured private shares. Only use the public share for things you want to be public to anyone who can access your protected WiFi network (I.e. only those people you give the WiFi password to).
Oh. and you don’t even need to download any software to get access the mycloud (if you can access the local network); you can simply map it in to your operating system’s file system. This is what I do with both Windows and Android; I don’t use any WD software for local access to mycloud.
I have a concern. I bought the MyCloud 4GB drive. I’m able to connect and load the files and access the files. No problem.
The problem I’m having is that all one has to do is download the MyCloud Software and install it. It does not ask you for credentials when you install. It automatically finds the drive and you automatically have access. So anyone standing outside the door to my appartment who gets access to my network automatically has access to my drive. Anyone in my apartment, roommate, friends of roommate, etc, only has to download the software and he can access, read and use anything he wants.
How do i prevent this from happening?
I don’t understand why WD hasn’t made this a top concern and stated how to prevent this. I remember being able to list which users can access my drive. But it doesn’t ask at all.
First you don’t indicate what type of device or program (like say a DLNA client) that is able to access your WD My Cloud and view/load the files you though were private stored on it. Second you don’t appear to indicate where the files are stored on the WD My Cloud. In otherwords are the files stored in the “Public” share folder(s)? Or are they stored in “Private” share folders?
As the previous person indicated a person would first have to gain access to your WiFi network. If you leave your network wide open (no WiFi security) that is your choice but generally NOT recomended. If possible use WPA2 WiFi security with a strong password. Otherwise they’d have to either have phyiscal access, like say to the Ethernet cables) in order to tap in to your local network.
It is important to remember that if one enables, through the WD My Cloud user interface, “Media Serving” on ANY folder on the WD MY Cloud regueardless of if that share is marked as public or private, all media files will be visible to any DLNA client that can access the WD My Cloud. The fix is to turn off/disable “Media Serving” on any and all private share folders.
If you have not done so already, it it is recomended that you read the WD My Cloud User Manual, in particular Chapter 8 and the subsection of that chapter called Making a Share Private.
Last but not least do not put any files in the “Public” folder that you don’t want anyone to view.
Oh, and on reading the manual, it will be discovered that, if you have physical access to the drive, it is a simple matter to reset the admin access code. So if there are people you don’t trust, you need to prevent them getting physical access.
The MyCloud is a consumer product, intended for home or home office use. It is assumed that anyone with local network or physical access can be trusted.
Thanks guys! I did not realize there was another manual other than what came in the box.
No, none of my files were in public. That’s a bit obvious no-no! I had them in the folder with my name assigned.
On one hand as you say cpt_paranoia, i can see that for home use they’d give people the opportunity to reset the password since people make mistakes. But sadly this also means that if someone breaks in and steal your drive they’ll have access to all your files. I really don’t like that.
I trust my roommates for the most part. I simply don’t want to leave the door wide open for them to go browsing. There is a difference. Also I don’t know who his friends might be.
WPA, I don’t know what that is honestly. I have an ATT modem and it is password protected. The password of course is on the box. I don’t see that as a concern since if someone breaks in they are not going to just sit there and surf the net. THat would be stupid.
The solution to the concern that if someone steals or gains access to your WD My Cloud that they could simply press the reset button to reset teh administrator password is to encrypt one’s sensitive files on the WD My Cloud. If backing up, then use a backup program that supports encrypting the backup file (or its contents).
WPA and WPA2 are a types of WiFi encryption. Typically many broadband routers that broadband providers rent or hand out will now come configured for WPA or WPA2 encryption out of the box. In the past this wasn’t always the case.
But sadly this also means that if someone breaks in and steal your drive they’ll have access to all your files. I really don’t like that.
Does your PC have an encrypted hard disk? Your external hard drives? Your USB sticks? Your phone? What encryption do they use? AES256? AES128? Triple DES? Single DES…?
Do you use cryptographically strong passwords? Are you sure…?
What data are you trying to protect? What is its critical lifetime? How damaging would it be if released?
Do you need to perform a Security Risk Assessment…?
I’m asking these questions to try to put things into perspective… Note my online name…
