Security - What do I need to be aware of?
Posted: Tue Dec 20, 2011 5:22 pm
by jonathankonrad
I was not doing anything on my HDA that was public facing until a few weeks ago. Now I'm running several Web services off of it. What security concerns or precautions do I need to take to make sure my data is protected? Thanks.
Jon
Re: Security - What do I need to be aware of?
Posted: Sun Jan 01, 2012 1:24 pm
by jonathankonrad
Sorry to bump my own topic, but is there a wiki or something I can follow to ensure good security? One specific question I have is do all users need to have access to the Amahi software through the web? Right now I have only four users in my house. They all need accounts to access the shares I have setup on the HDA. However, some of them have incredibly weak passwords. That's OK for internal network, but I noticed I could hit my HDA from my external IP, then use my Amahi login to get to the apps page, then install the apps proxy, then install a terminal app, then log on to the HDA and ssh into other machines on my network. All from an external IP and the only password I used was my amahi account.
If my daughter's login with her super weak password could do that too I'm in trouble. So is there a way to ensure she can use all the shares internally through SMB but has no access to the HDA (specifically the web management) at all?
Thanks.