submitted 2 years ago by [email protected] to c/[email protected]

Given how notorious the Chinese government is for forcing local companies to add spyware to their products or store encrypted data for future decryption when quantum computers become more feasible (e.g. Huawei), how secure do you think their Terramaster NAS products are? Is it worth the cost or is it best to just steer clear of these?

[-] [email protected] 2 points 2 years ago

Yes. Next question.

ANYTHING from China is suspect.

[-] [email protected] 1 points 2 years ago

Genuinely asking: in case the device actually has a malicious back door (et similia threat), can it be reflashed with an Open Source OS?

[-] [email protected] 1 points 2 years ago

If you take it and install UNRAID or your own choice of Linux server it should be safe. If you’re super worried just block it from the internet.

[-] [email protected] 1 points 2 years ago

With all those "smart" devices (including Internet of Crap), the rule of thumb is to put them on their own VLAN. Then put network filtering in place, such that nothing can talk out of this VLAN. And all your client devices that need Internet access can then talk to them in the other VLAN.

You could allow specific destinations for them, but even for DNS, it is better to just have a service exposed to them that only uses a hosts file to avoid VPN or exfiltration over DNS.

That is best practice. If you want to run a software update, you can open up, and update, and close down again.

Security is about being paranoid.

[-] [email protected] 1 points 2 years ago

I had to do this with an NVR security camera system I got off Amazon. The NVR ~~is~~ was constantly sending data to servers in China. Using pfSense I put it on its own VLAN and used firewall rules to stop it from reaching the internet. I also set up an OpenVPN server so I can access it remotely when away from home.

[-] [email protected] 1 points 2 years ago

Interesting, can you share some literature on how to do this or give me some queries to use in Google?

[-] [email protected] 1 points 2 years ago

You just need something that can act as a firewall between the 2 networks, say a Linux box, and then have different SSIDs for secure and China devices, and VLANs.

OpenWRT is a good thing to have on your APs.

VLAN and firewall are the things to google.

[-] [email protected] 1 points 2 years ago

Common sense, people.

Stop buying just bc it is cheap or has a new tech or processor etc.

Unless you don't give two cents about what you store or what network you plug it in.

[-] [email protected] 1 points 2 years ago

Are you storing data that the Chinese government would be interested in?

[-] [email protected] 1 points 2 years ago

if it's not allowed to route out, who cares? 🔥wall it off

[-] [email protected] 1 points 2 years ago

There’s an old joke in infosec about wanting firewalls made by every different nation. You want a Cisco device, that has back doors for the Americans, a Huawei device that has Chinese back doors, and a Juniper device with Israeli back doors. Put them all together and you should be good

[-] [email protected] 1 points 2 years ago

Juniper is Israeli? I didn't know that

[-] [email protected] 1 points 2 years ago

Silicom is Israeli too, as was Mellanox before the Nvidia acquisition.

[-] [email protected] 1 points 2 years ago

Now that you mention it, it's Checkpoint. I got them mixed up. Corrected

[-] [email protected] 1 points 2 years ago

No no no, that's not good enough. You also need a Palo Alto because all the cool kids are running it and a pfSense for good luck

[-] [email protected] 1 points 2 years ago

Don't forget an EDR solution because the execs are too embarrassed to ask what it means so they buy it to save their egos

[-] [email protected] 1 points 2 years ago

EDR, XDR throw money at all the acronyms :D

[-] [email protected] 1 points 2 years ago

Doesn’t everyone just google it to remember anyways?

[-] [email protected] 1 points 2 years ago

That's the problem with so many acronyms in networking

[-] [email protected] 1 points 2 years ago

rofl - Americans are getting smarter.

[-] [email protected] 1 points 2 years ago

There's no such thing as a "Privately Owned Business" in China...the CCP will always be a shareholder

[-] [email protected] 1 points 2 years ago

I mean, aren't QNAP and Synology Chinese manufacturers too?

[-] [email protected] 1 points 2 years ago
[-] [email protected] 1 points 2 years ago

I audibly said “what. the. fuck.” reading this.

[-] [email protected] 1 points 2 years ago

hot take:

it doesn't matter if China has your data, it matters if the USA does

[-] [email protected] 1 points 2 years ago

Better than the CIA watching your back and notifying the IRS.

[-] [email protected] 1 points 2 years ago

Yes. Always yes.

[-] [email protected] 1 points 2 years ago

> Given how notorious the Chinese government is for forcing local companies to add spyware to their products or store encrypted data for future decryption when quantum computers become more feasible

rofl you live in the UK. worry about MI5 and GCHQ, not President Xi, as they are doing that shit to you right now and actually have the capacity to arrest you!

[-] [email protected] 1 points 2 years ago

You can easily and relatively cheaply build a NAS with something like TrueNAS or just a Debian file server that I would trust a lot more than anything off the shelf made with closed source code with who knows what built in.

[-] [email protected] 1 points 2 years ago

If all you are storing there are movies and cat pictures, you shouldn't be concerned about anyone spying on you.

[-] [email protected] 1 points 2 years ago

Having recently purchased a really nice looking piece of network gear with all the features I wanted at a very low price from a Chinese vendor that had absolutely no existing reputation I was aware of, my experience was enlightening with the final lesson being re-taught: you get what you pay for.

If your use case is within the boundaries of the equipment's quality limits then you will probably do fine, but I suspect if you try to explore the more complex features of the equipment you will find out where the lack of effort and cost reduction comes from.

> how secure do you think their Terramaster NAS products are

I don't think this would be any less secure than any other consumer vendor device. I just don't think you'd be able to get much help if anything is broken, and I wouldn't expect to see any fixes for bugs.

You definitely should not put something like this directly on the Internet, and that advice isn't limited to Chinese hardware. It is pretty easy to limit a device like this from "phoning home" at your Internet edge if you're concerned with such things.

[-] [email protected] 1 points 2 years ago
[-] [email protected] 1 points 2 years ago

My NAS is behind my firewall, blocked from all internet access, so no problem for me, no one to phone home to.

[-] [email protected] 1 points 2 years ago

One word. YES

[-] [email protected] 1 points 2 years ago

I had a Terramaster NAS years ago. It was secure. Never had any intrusion attempts. It was just lacking in power. Switched to a Ryzen based QNAP with dual 2.5G NICs for performance. 5x the cost, but worth it.

I find Americans’ fear of Chinese manufactured products really strange. I’m sure some of those commenters were doing so on their iPhones. Be more concerned about the US government having the ability to read your emails for the last 22 years.

[-] [email protected] 1 points 2 years ago

If it's already been purchased, put it in an isolated VLAN, restrict all device-initiated internet traffic from it. Watch your logs for both DNS and outbound connection attempts from it for a few days.

It makes no difference if the device is Chinese, American, Russian, etc, assume nothing should be trusted and use the principles of least privilege at all times...
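
The log watch suggested in the comment above, as an added example that is not part of the original thread: it tallies which names an isolated device asks DNS for and which internet destinations it tries to reach. The device address, the `NAS-EGRESS` log prefix, host and interface names and the log lines themselves are constructed for illustration; the line shapes follow dnsmasq query logging and netfilter `LOG` output.

```python
import ipaddress
import re
from collections import Counter

NAS_IP = "192.168.30.10"  # assumed address of the NAS on its isolated VLAN
LOCAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]  # assumed home ranges

# Constructed sample: dnsmasq query logging plus netfilter LOG lines with an
# assumed "NAS-EGRESS" prefix; host and interface names are made up too.
SAMPLE_LOG = """\
Nov 19 10:00:01 gw dnsmasq[812]: query[A] update.vendor.example from 192.168.30.10
Nov 19 10:00:01 gw dnsmasq[812]: query[A] lemmy.example from 192.168.10.23
Nov 19 10:00:02 gw kernel: NAS-EGRESS IN=vlan30 OUT=wan0 SRC=192.168.30.10 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=50122 DPT=443
Nov 19 10:05:02 gw kernel: NAS-EGRESS IN=vlan30 OUT=wan0 SRC=192.168.30.10 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=50124 DPT=443
Nov 19 10:05:09 gw kernel: NAS-EGRESS IN=vlan30 OUT=wan0 SRC=192.168.30.10 DST=198.51.100.9 LEN=76 PROTO=UDP SPT=41000 DPT=123
Nov 19 10:06:00 gw dnsmasq[812]: query[TXT] a9f3c1.tunnel.example from 192.168.30.10
Nov 19 10:06:30 gw kernel: NAS-EGRESS IN=vlan30 OUT=vlan10 SRC=192.168.30.10 DST=192.168.10.23 LEN=60 PROTO=TCP SPT=445 DPT=51000
"""

DNS_RE = re.compile(r"dnsmasq\[\d+\]: query\[(\w+)\] (\S+) from (\S+)")
FW_RE = re.compile(r"SRC=(\S+) DST=(\S+) .*?PROTO=(\w+) .*?DPT=(\d+)")

def review(log_text, device_ip=NAS_IP):
    """Return (dns_queries, egress_attempts) Counters for one device."""
    dns, egress = Counter(), Counter()
    for line in log_text.splitlines():
        m = DNS_RE.search(line)
        if m:
            if m.group(3) == device_ip:      # only queries from the device
                dns[(m.group(1), m.group(2))] += 1
            continue
        m = FW_RE.search(line)               # port-less lines (ICMP) are skipped
        if m and m.group(1) == device_ip:
            dst = ipaddress.ip_address(m.group(2))
            # Traffic towards local ranges is not an internet egress attempt.
            if not any(dst in net for net in LOCAL_NETS):
                egress[(str(dst), m.group(3), int(m.group(4)))] += 1
    return dns, egress

if __name__ == "__main__":
    names, flows = review(SAMPLE_LOG)
    for (qtype, name), n in names.most_common():
        print(f"DNS  {qtype:<4} {name}  x{n}")
    for (dst, proto, port), n in flows.most_common():
        print(f"OUT  {proto} {dst}:{port}  x{n}")
```

Destinations that recur at fixed intervals, and record types such as TXT that a file server has little reason to request, are the entries worth looking at first.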

[-] [email protected] 1 points 2 years ago

I actually bought one of these a while ago. I left it behind when I moved house, honestly wishing I had bothered to pick it up when I left. I personally would be very careful about using one. It's not bad at doing what it's designed for, that is accessing files over a network. You can install a few apps on it and it even has Docker support without needing modifications, even on the ARM variant I had. The USB speeds were quite bad, though that's mainly because I had a weak ARM model. The real issue with it is security. Mine had some services port forwarded to the internet so I could remote login via ssh and web gui to do stuff. This was a designed feature as they even gave you a way to access it without ddns. They didn't do enough to secure it and it had lots of vulnerabilities that led to mine getting ransomwared using a remote vulnerability. If you never port forward to it it should be okay, but if you have any intention of doing that then it isn't secure enough at all. That is what made me leave it behind and move back to a PC for my home server setup.

[-] [email protected] 1 points 2 years ago

Avoiding those currently.

[-] [email protected] 1 points 2 years ago

We have to be genuinely concerned about streaming fobs and WiFi lightbulbs, so NAS devices should not be dismissed either.

[-] [email protected] 1 points 2 years ago

You should only buy US made hard drives. I am just not sure if there are any, though, that you can afford. Good luck.

[-] [email protected] 1 points 2 years ago

If you are concerned about privacy, then your only choice is Open Source on your own hardware.

[-] [email protected] 1 points 2 years ago

Where was the device on which you wrote this made?

[-] [email protected] 1 points 2 years ago

If you're worried about privacy and security you can always DIY. If you are able, it's always the best option for a NAS.

[-] [email protected] 1 points 2 years ago

I got a Terramaster but I installed OMV on it. Is it still risky?

[-] [email protected] 1 points 2 years ago

Under sensible configuration they can be OK. If you look at it from a vulnerability perspective, most of those devices are running Linux of some sort, so they all are vulnerable, unless updated frequently. A lot of vulnerabilities can be used to create a backdoor, so it’s like one more or one less. But if you cut it off from the internet and access it only from LAN or VPN, how will those vulnerabilities affect you? If there is open source firmware for it, like true storage or openwrt, that should cover you from built-in backdoors. I would only question hardware quality.

[-] [email protected] 1 points 2 years ago

I'll never knowingly purchase tech from the CCP

[-] [email protected] 1 points 2 years ago

You should be concerned with every country and their technology being sold to you.

If it’s a technology company then they have humans who are doing what they are told for their paycheck.

That means all companies are doing it not just China. The USA tech companies are doing it. The India tech companies are doing it. The South Korean companies are doing it. The China companies are doing it. Etc… Etc… Etc…

  • I get paid to do what I’m told or my family will die.-

The true complicity of humanity.

this post was submitted on 19 Nov 2023
2 points (100.0% liked)

Home Networking
