New
#11
Nice book :) once you understand the basics of TCP/IP everything that uses it becomes easier to understand. Especially when getting into how routers work and how they decide which path is the best.
Josh :)
Nice book :) once you understand the basics of TCP/IP everything that uses it becomes easier to understand. Especially when getting into how routers work and how they decide which path is the best.
Josh :)
Hi Josh, I think I successfully blocked my NAS from internet access by using the Internet Access Control feature of my router as you suggested. This is what I did:
- Logged into the router's (TL-R600VPN) web configuration page
- Went to "Access Control"
- Clicked on "Add New"
- "Rule Name"="NAS_Block"
- "Click here to aadd new host list"
- "Mode"="IP Address"
- "Host Description"="NAS"
- LAN IP Address"="192.168.0.99" (static IP assigned outside DHCP scope)
- "Save"
-"Host":"NAS"
-"Target"="Any Target"
-"Schedule"="Anytime"
-"Action"="Deny"
-"Status"="Enabled"
-"Save"
Once this rule was created as above I ticked "Enable Internet Access Control" and " Allow the packets not specified by any access control policy to pass through the Router", then click "Save"
I then tested a simple internet access operation from my NAS like time synchronization and it was unable as access to the net was blocked.
So is this the most secure way of protecting the NAs from the Internet (as secure as physically unplugging the cable), or could someone hack the router, change its configuration and gain access to any LAN's host (including the NAS)?
Nice, I'm glad you managed to work it out :)
It is going to be as secure as you're going to get. Your router should not accept requests to access it's settings from the outside and plus a hacker will have to try and evade your ISPs security infrastructure before reaching you so you are pretty secure from that standpoint.
The only way a hacker could easily gain entry is by your machine. Therefore make sure that you have a good anti-virus application so that any malware that could try and gain entry to the network is negated. Apart from that most entry points are secure :)
Of course please be advised that anyone who connects to the switch will have access to the NAS so you may want to look as to how physically secure your switch is. To be honest if it's in your house I would be more concerned about them breaking in the house rather than trying to access your NAS
Hope this helps,
Josh :)
Correct, though if someone still gets physical access they will be able to communicate with your machine and any other device on your network but the NAS. They would also be able to access your router settings if they are connected by the switch however I am assuming you have an appropriate username and password to try and circumvent that.
Josh
Josh, the router settings are protected by a username and password, and also I set a filter by which only the MAC address of my PC can access it.
regarding other hosts in the LAN, a newcomer connected to the switch won't be able to access other LAN devices or the internet if they are also protected by appropriate permission rules either locally or through the router.
Well, as you said earlier, I think I have to worry more about someone intruding my home and stealing.