Why upgrading to OS 5 (My Cloud 2. Gen)

I just started my MyCloud 2. Gen (2.xxx) device again, last time it was 2 years ago. I updated to latest OS3 version.
Now I see the possibility to upgrade to OS5. My question is why to do that. Ok, security reasons. But I use the cloud very very seldom as storage, and it is always turned off. I use it in my local network, so I don't need remote access. So are the security updates only related to the remote access? If so can I stay on OS 3 since I have it all the time off and don't need remote access?

Whether you stay with OS3 or go to OS5 is up to you. You may want to look at this.

My Cloud OS3 End of Service | Western Digital

Same question about why upgrade to OS5 was asked recently in the OS5 subforum…

Any notable Pros/Cons of upgrading from OS3 to OS5 in 2024?

Main reason to update to OS5 is for security vulnerability patches (such as they are) going forward for as long as WD continues to support the specific My Cloud model and the ability to use WD’s method of OS5 remote access. OS3 will not be patched and hasn’t been since January/April of 2022.

Choice is yours on upgrading your unit or not. Only you can decide if you need the OS5 features or not for your use case.

Just note that if you do not plan to update to OS5 and choose to remain on the v2.x firmware, you should immediately block internet access to the My Cloud at the router/gateway level, in addition to turning off internet access features on the My Cloud Dashboard > Settings itself, if you haven’t done so already. Any sort of internet access for the OS3 firmware could lead to the unit being compromised through existing security vulnerabilities present in the OS3 (v3.x, v4.x and v2.x) firmware.

Hi,
I know about the security issues and end of support of OS3. I know it is up to me if I upgrade or not.
But that's why I wrote about my item's usage in my first post. Once more: the cloud item is always turned off when I don't use it. And I use it very very very seldom, and mostly to just copy/paste something on/from it. Then I power it off again. So I use it only locally in my network. Remote access is off by default starting with 2.42 version. I don't have and don't use any Apps from the cloud. I don't stream from it. The only use I have is as a storage!
So, if so then all the benefits of OS5 are not relevant for me. The only question for me are the security updates. Are these only facing the remote access?

Since I cannot see the setting to toggle remote access in the Settings anymore, I suppose with the latest firmware this is set to off by default. Am I right?
But I can still see the status “internet access” in the Settings.

I don't see any on/off toggle there?
I suppose this is because of the time/date sync and update check? So the only thing is to block internet access on my router. But the problem is I have a very basic router and as I remember I could not find such an option when I looked earlier. Where is this option usually placed in the router settings? And how could I check that the internet access to/from the cloud is blocked for real after blocking it on the router level?

The issue with OS/3 is that (I believe) there are one or two exploits that DO NOT require the “internet services” to be enabled to cause trouble. OS/3 is based on a very old version of Linux; which probably adds to vulnerabilities.

SO - - - If you have an OS/3 device on your network; you really need to block all internet access from the router; such that no malicious traffic even REACHES the NAS.

You need to look up the procedure for blocking access SPECIFIC to your router. It probably varies by brand. What I do know is that it was fairly easy to do on my cheap-as-dirt ASUS routers.

And no - - I don’t know how to test it.

It will depend on which OS3 firmware one has installed to their My Cloud. The final version of the OS3 firmware that WD released is supposed to disable internet access. In doing so it may remove or hide the My Cloud Dashboard > Settings > Cloud Access > Remote Access option. Here is what some firmware versions showed on the Settings page:

One should also check the Settings > Network section to see if there are any additional settings that might allow or have internet access.

One should check their network router or gateway to see if it includes the option to disable internet access to specific network clients like the My Cloud. This will provide an additional layer of security.
An example of how to block internet access to a My Cloud on an Asus router:

Edit to add: One downside to blocking internet access at the router/gateway to the My Cloud is the My Cloud will fail to get/sync the internet NTP (network time) and may cause the unit to have the wrong date and time. The solution is either to manually configure the date and time on the My Cloud, or setup a local network NTP time server and configure the My Cloud NTP server setting to use that local network NTP server.


Well, why do you think they may HIDE this setting in the dashboard? That will be nonsense. Is the remote access in the last OS3 version disabled by default or not?

See the OS3 firmware release notes for each version of the final v2.x and v4.x firmware:

Firmware Version 2.42.115 (01/15/2021)
As of January 15, 2022, support for prior generations of My Cloud OS has ended. We’ve made the
following changes as part of this release:
• Disabled Cloud Access support
• Disabled Notification Email support
• Added My Cloud OS 3 End of Support message in the My Cloud dashboard
If you’d like to keep using your device remotely, you must upgrade to My Cloud OS 5. My Cloud OS 5
contains critical security updates, and support for it is guaranteed through 2026. If you don’t upgrade your device, you’ll only be able to access it locally. Remote access, security updates, and technical support will no longer be provided. Check out our recent My Cloud updates to learn more.

Firmware Version 04.06.00-111 (04/15/2022)
As of April 15, 2022, support for prior generations of My Cloud OS has ended. We’ve made the
following changes as part of this release:
• Disabled Cloud Access support
• Disabled Notification Email support
• Added My Cloud OS 3 End of Support message in the My Cloud dashboard
You will continue to have local access to your stored content. Remote access, security updates, and technical support will no longer be provided. Check out our recent My Cloud updates to learn more.

One assumes they hide the Cloud Access section because it’s been disabled inside the firmware. Why have it there when it is disabled by WD?

Here is how my router settings look. Is this the right place to block the Mycloud?

Or maybe at this place?

Am I at the right place on my router to block the Mycloud?

What is the specific model of the Hitron cable modem? It depends on the capabilities of the cable modem/router if it will block client internet access.

Hersteller Hitron Technologies
Modell CVE-30360
Hardware Version 1B
Firmware Version 4.2.10.5-IMS-KDG
Boot Version PSPU-Boot 1.0.16.22-H2.8.11

It appears (per this user manual for that router) that one would use IP Filtering to prevent a LAN client from communicating with the internet.

4.1.5 IP FILTERING
IP filtering allows you to prevent computers on the LAN from sending certain types of
data to the WAN. You can use this to prevent unwanted outgoing communications.
Specify the IP address of the computer on the LAN from which you want to prevent
communications, and specify the port range of the communications you want to
prevent. The CVE-30360 discards outgoing data packets that match the criteria you
specified.

Page 53 to 56 of that user manual has more on the IP Filtering option. I assume one would uncheck the Disabled option on IP Filtering then select the Add button if it appears, then input the port range (example 0 to 65535) then input or select the My Cloud IP address then hit the Apply button to apply and activate the settings.

Thanks Bennor,
Where did you find that user manual? I was searching for it for so long 🙂
I have to read it, but why do you think it is the IP Filtering and not the MAC Filtering option? What is the difference? By my logic it is the same, it depends on whether one knows the IP or the MAC.

I don't understand: if I block the Mycloud by MAC filtering, should I be able to connect to the Mycloud device from my PC/tablet in my local network?

Try googling “Hitron CVE-30360”. The manual was the top hit.

MAC Filtering: From Page 50, just under the 4.3 “MAC FILTERING SCREEN”

“You can set the CVE-30360 to allow only certain devices to access the CVE-30360
and the network, or to deny certain devices access”

Translation: If you click the MAC filter option to ALLOW; only those MAC addresses on the ALLOW table will be permitted onto the network. This is tighter security than merely having a password.

Also; see the MAC filtering definition on page 47 of the manual.

IP Filtering: Page 48 of manual:

“IP filtering allows you to prevent computers on the LAN from sending certain types of
data to the WAN. You can use this to prevent unwanted outgoing communications.
Specify the IP address of the computer on the LAN from which you want to prevent
communications, and specify the port range of the communications you want to
prevent. The CVE-30360 discards outgoing data packets that match the criteria you
specified.”

If your NAS is on IP address 192.168.0.10; then you would enter the IP range 192.168.0.10 to 192.168.0.10; with port range 0-65353 (This is all ports on a 16 bit address range). This should block all internet traffic from the NAS to the internet.

This is not as thorough as I would like - - > Since it still allows inbound traffic to the device; but it certainly will do 95%+ of what you need.

Thanks, but all this I have understood.
What I have not is: Is there, and what is, the difference if I put the MAC address of Mycloud on the deny table and set the rule to Deny, or on the other side if I put the IP address of Mycloud on the IP block rules to block ports 0-65353?
As I understand it, MAC Filtering with Deny Table will not only block the WAN access BUT will also block my local access to Mycloud from my local devices, or am I wrong?

No. The whole purpose of MAC Filtering is to control which devices can connect to the local network by being issued an IP address by the router. It does nothing to address internet access to a network device already connected to the local network. If you enable MAC Filtering and deny the My Cloud MAC address then the My Cloud won’t be issued an IP address by the router and local network clients may likely not gain access to the My Cloud (in simplistic terms).

Just use IP Filtering to block all ports to the My Cloud. That should hopefully block internet communication from the My Cloud to the internet while allowing local network clients to continue having My Cloud access.

Don’t overthink it.

Please explain the second part of this to me in other words. What will the local network clients do/not do? If Mycloud doesn't get the IP from the router, I would suggest that the local clients should not be able to connect to the Mycloud. But I understand your sentence the other way around, that they WILL gain access. Sorry, my English is not good…

Other question: I want to reach the Mycloud by SSH on port 22. So instead of blocking all ports from 0 till 65353, can I make two deny rules for the Mycloud to block once from 0 till 21 and secondly from 23 till 65353, so that port 22 will stay unblocked? Or is there another possibility?

The user manual previously linked explains how MAC Filtering is treated on the Hitron router:

4.1.4 MAC FILTERING
Every networking device has a unique Media Access Control (MAC) address that
identifies it on the network. When you enable MAC address filtering on the CVE-30360’s firewall, you can set up a list of MAC addresses, and then specify whether
you want to:
Deny the devices on the list access to the CVE-30360 and the network (in which
case all other devices can access the network)
or
Allow the devices on the list to access the network (in which case no other
devices can access the network)

More on how to configure MAC Filtering is found on page 50-53 of that user manual link. If you cannot read or understand that user manual do an internet search for that user manual in your own language.

If the above English user manual description doesn’t explain MAC Filtering well enough, then do an internet search for “MAC Filtering” to find a general explanation (in your own language) of what MAC Filtering typically does. MAC filtering generally is used to deny or allow only certain LAN clients (Wired or WiFi LAN clients) access to the local network and the router itself. Or see the router embedded help for more information about what each feature does.

Port Filtering generally does not affect and does not limit local network access to a LAN client. Port Filtering is used to block LAN client traffic from accessing the WAN (Internet). If you block the entire port range (0 to 65353) it should not affect local network access, including local network clients’ SSH (port 21) access to the My Cloud.
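
A small model of the IP Filtering behaviour quoted from the manual, added here as an illustration; it is not code from the thread, from WD or from Hitron. It assumes a 192.168.0.0/24 LAN, that the rule's port range is matched against the destination port, and that same-subnet traffic never passes the LAN-to-WAN filter; the PC and WAN addresses are constructed. It compares a full-range rule, the split rule around port 22 asked about above, and a range that stops at 65353 (the 16-bit maximum is 65535).

```python
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("192.168.0.0/24")  # assumed home subnet
NAS = "192.168.0.10"                          # NAS address used in the thread
PC = "192.168.0.20"                           # constructed LAN client
WAN_HOST = "203.0.113.5"                      # constructed (documentation range)

@dataclass
class Rule:
    """One IP-filter entry: a LAN source range plus a port range."""
    first_ip: str
    last_ip: str
    first_port: int
    last_port: int

    def __post_init__(self):
        # Parse once so matching 65536 ports stays cheap.
        self.lo = ipaddress.ip_address(self.first_ip)
        self.hi = ipaddress.ip_address(self.last_ip)

    def matches(self, src, dport):
        return (self.lo <= src <= self.hi
                and self.first_port <= dport <= self.last_port)

def verdict(rules, src, dst, dport):
    """Classify one connection attempt under the modeled filter."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in LAN and dst in LAN:
        return "lan-direct"   # same subnet: never crosses the WAN filter
    if src not in LAN:
        return "not-covered"  # inbound: the rule only describes outgoing packets
    if any(r.matches(src, dport) for r in rules):
        return "dropped"
    return "forwarded"

def open_ports(rules, src):
    """Destination ports `src` can still reach on the WAN despite the rules."""
    src = ipaddress.ip_address(src)
    return [p for p in range(65536)
            if not any(r.matches(src, p) for r in rules)]

block_all = [Rule(NAS, NAS, 0, 65535)]
split_for_ssh = [Rule(NAS, NAS, 0, 21), Rule(NAS, NAS, 23, 65535)]
short_range = [Rule(NAS, NAS, 0, 65353)]

if __name__ == "__main__":
    print("NAS -> WAN :443 ", verdict(block_all, NAS, WAN_HOST, 443))
    print("PC  -> NAS :22  ", verdict(block_all, PC, NAS, 22))
    print("split rule leaves", open_ports(split_for_ssh, NAS))
    print("0-65353 leaves   ", len(open_ports(short_range, NAS)), "ports")
```

In this model local SSH from the PC to the NAS is unaffected by any of the three rule sets, so the split rule only re-opens outbound connections from the NAS to port 22 on the internet.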