WDMyCloud Security

I am curious about security and using the Cloud Access Feature of WD My Cloud. I have this up and running and it works fine. My concern is that I am seeing some connections in my router’s log that I don’t understand.

There are many connections from an IP Address that seems to be Western Digital’s, to the local IP Address of my WD MyCloud device on port 80. The External port varies (UPnP?). As far as I know, nothing is using the My Cloud apps at the time, but since the IP Address belongs to WD, I guess it makes sense.

I also see many connections from different IPs forwarding to my WD My Cloud device on Port 443. These IPs are unknown to me and a WHOIS lookup shows they are from all over the place. Again, the external ports vary, but the internal port is always 443. According to WHOIS lookups, these IPs don’t belong to WD and are everything from individual users, to universities and others.

Should I be concerned about these connections?

Because of my concern about WD’s lack of clarity wrt consumer security, I simply turned a 3 TB MyCloud into a NAS by totally blocking access at my router.

Yes - I am coming around to the idea of disabling the Cloud feature. Which would be a bummer because I like the idea of being able to access these files from anywhere. Hopefully someone can shed some light on this topic.

One thing to check is the outbound connections versus inbound connections if your router supports that level of reporting. One can also disable their router’s UPnP if the router supports that option and configure the My Cloud to use specific ports for remote access rather than being set to automatic. When setting the My Cloud to manual and specifying the ports, one would have to configure port forwarding within the router to route the two ports’ traffic to the My Cloud.

The bottom line is that when you open ports to allow traffic through your network to devices like the My Cloud or any other device that can be accessed from the internet there will always be a security risk. There are several previous threads that cover various security issues with the My Cloud. As I understand it, the My Cloud does need to send some traffic to the internet to keep the remote access tunnel open for remote access users (be it mobile apps, MyCloud.com or My Cloud Desktop).

Port 443 is for SSL TCP packets (SSH, HTTPS, etc).

Here’s an interesting article about some of the potential attacks that bypass a firewall.

http://www.sans.edu/research/security-laboratory/article/top-firewall-leaks
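
For the suggestion earlier in the thread to compare outbound and inbound connections in the router log, here is an added example (not part of the original thread, and not WD's or any router vendor's code) that splits log entries involving the My Cloud into NAS-initiated traffic, inbound traffic from a range you have verified, and inbound traffic from everything else. The log format, the NAS address, the LAN subnet and the "known" range are all assumptions, and every address is a constructed documentation-range value.

```python
import ipaddress
import re
from collections import defaultdict

# All values below are constructed placeholders, not real WD or user addresses.
NAS_IP = "192.168.1.50"                              # assumed LAN address of the My Cloud
LAN = ipaddress.ip_network("192.168.1.0/24")         # assumed home subnet
KNOWN_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # stand-in for a range you verified via WHOIS

# Constructed log lines in an assumed "src:port -> dst:port" format; real router logs differ.
SAMPLE_LOG = """\
Mar 01 10:00:01 TCP 192.0.2.10:51000 -> 192.168.1.50:80
Mar 01 10:00:07 TCP 192.0.2.11:51022 -> 192.168.1.50:80
Mar 01 10:02:13 TCP 198.51.100.7:40112 -> 192.168.1.50:443
Mar 01 10:02:40 TCP 203.0.113.99:33871 -> 192.168.1.50:443
Mar 01 10:03:02 TCP 198.51.100.7:40119 -> 192.168.1.50:443
Mar 01 10:04:00 TCP 192.168.1.50:49152 -> 192.0.2.10:443
Mar 01 10:05:00 TCP 192.168.1.23:50000 -> 203.0.113.5:443
router: DHCP lease renewed
"""

LINE_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)")

def summarize(log_text, nas_ip=NAS_IP, lan=LAN, known_nets=KNOWN_NETS):
    """Classify connections involving the NAS by direction and source."""
    report = {"outbound": 0,
              "inbound_known": defaultdict(set),
              "inbound_unknown": defaultdict(set)}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue                      # not a connection entry
        src, _sport, dst, dport = m.groups()
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue                      # malformed address, skip the line
        if src == nas_ip:
            report["outbound"] += 1       # NAS-initiated, e.g. keeping remote access alive
        elif dst == nas_ip and addr not in lan:
            known = any(addr in net for net in known_nets)
            bucket = "inbound_known" if known else "inbound_unknown"
            report[bucket][int(dport)].add(src)  # internal port -> distinct sources
    return report

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("outbound from NAS:", result["outbound"])
    for bucket in ("inbound_known", "inbound_unknown"):
        for port, sources in sorted(result[bucket].items()):
            print(bucket, "port", port, sorted(sources))
```

Sources that land in `inbound_unknown` are the ones worth comparing against when the My Cloud apps were actually in use, and they should stop appearing once UPnP is disabled and no manual forward exists.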