Nearly all organizations own some NAS device that they can use for various purposes.
Firstly, as a backup destination which is the most common usage.
Secondly, as a Web Server and thirdly; as a hypervisor; hosting Virtual Machines on their own.
In this post, we focus on how to apply the best practices to such devices regardless of their usage.
The below steps are vendor agnostic and can be applied to the majority of the NAS boxes:
- Encrypt NAS volumes
- Disable SMBv1
- Disable HTTP and Telnet access. Allow only HTTPS and SSH connections
- Be extra careful while creating your user objects and their permissions
- Configure notifications for user logins. Set a fixed routine to manually check the NAS logons if your device doesn’t have such an option
- Do not overlook the vendor updates for your device. Always download and install them in a timely fashion
System & Network Performance
- Retain only the software that you need and get rid of everything else. NAS devices have numerous Media Center applications built-in which you often don’t need
- In the case used as a hypervisor, pay attention to the disk configuration. Choose the RAID setup that fits your requirements. Follow this link to a handy RAID calculator which comes for free
- Aggregate network interfaces to get the maximum possible speed out of the NAS
In conclusion, the above configuration can greatly benefit a NAS device while it doesn’t come with any tradeoffs.
It always comes to my surprise, how NAS devices often go unnoticed in an infrastructure given their important role.
Remember; this is another location where company data lives and we want to ensure they are safe and well.
You are always welcome to make your own suggestions and I will ensure to add them to the above list.
Thank you for reading!