How bad to open port 445?

[White Widow]

Bottom line: I want to be able to access my 2TB Iomega NAS while on travel this week. I have a VPN gateway coming from Newegg, but it won't be here in time. How bad is it to open port 445 on my firewall if it's only forwarded to the NAS and not a full Windows PC? There's nothing on the NAS that's particularly sensitive, and all the folders are password protected.

Thanks,
Aaron

 

[reicherb]

If you only forward it to the NAS box, then worst case the NAS box becomes compromised. If the data isn't sensitive, then go for it.

 

[Nothinman]

And if the NAS becomes compromised it can be used as jumping off point to the rest of the network.

But I would be surprised if your ISP doesn't filter inbound CIFS traffic anyway, I believe most do that these days.

 

[Emulex]

BAD. Comcast business has no blocks. use a vpn to bridge services man. it's a linux box. hell use ssl tunneling. anything.

 

[Nothinman]

BAD. Comcast business has no blocks. use a vpn to bridge services man. it's a linux box. hell use ssl tunneling. anything.

Of course not, business accounts should have no ports blocked. But the OP makes no mention of paying for a business account or the ISP he's using.

 

[JackMDS]

As per OP.

Fact 1. I have a VPN gateway coming from Newegg.

Fact 2. There's nothing on the NAS that's particularly sensitive.

Fact 3. All the folders are password protected.

Answer posts.

- - - - - :twisted: - - - :| - :hmm:

I am Not saying that keeping the port open free is good practice, but given the above facts for short period of time ????

.

 

[Nothinman]

As per OP.

Fact 1. I have a VPN gateway coming from Newegg.

Fact 2. There's nothing on the NAS that's particularly sensitive.

Fact 3. All the folders are password protected.

Answer posts.

- - - - - :twisted: - - - :| - :hmm:

I am Not saying that keeping the port open free is good practice, but given the above facts for short period of time ????

.

Fact 2 doesn't matter, if someone breaks into the NAS they could use that as a jumping off point to anything else on the network or just install something to make it a remotely controlled zombie. Lots of people would rather have your bandwidth more than any of your data.

Fact 3 doesn't mean much either, especially if that password is the same as any oother on the network or some other service like GMail.

Sure he might get lucky and have nothing happen, but it only takes a few minutes to get broken into when you put anything unprotected on the Internet.

 

[skyking]

Do you have somebody out of your ISP's network who can do some testing? It would be a shame to think you had it working only to find out otherwise.
IF not:
I would set a strong password for your router and enable remote administration, make sure you had a strong password for your desktop, and set up port forwarding to the desktop but not enable it.
Log in to router, enable port to desktop, log into desktop. Move files as needed.
Turn off port when done.

 

[JackMDS]

D
I would set a strong password for your router and enable remote administration, make sure you had a strong password for your desktop, and set up port forwarding to the desktop but not enable it.
Log in to router, enable port to desktop, log into desktop. Move files as needed.
Turn off port when done.

+1

I forgot about this option.

Same can be done for the NAS :thumbsup:

I would also would change the management remote port of the Router to a port of high number (e.g. 63164).

 

[Emulex]

if the router is based on FOSS i'd still scan all apps for issued warnings. you know damn well those cheap qnap linux implementations do not get updated with every critical issue (ssh,ftp,apache,etc). so that makes its pretty scarey and a VPN isn't really protection if someone gets in on either side.

 

[hawk82]

Why not install hamachi on your Windows 7 PC and then on whatever client computer you are bringing with you? Then you can securely access your NAS (and Win7 computer) without opening any ports to the internet. You'd need to leave your Win7 computer turned on however.