qwertymodo (Contributor, joined Apr 7, 2014, 144 messages)
The two main reasons I am building my FreeNAS machine are for archive/backup of my important documents and to use it as "personal cloud" storage for files I may want to access from outside my home network, or on someone else's computer or public/lab computers. For the first goal, BTSync works great to silently and automatically back up my files without the NAS actually being publicly accessible, but for the latter I actually need to be able to access the NAS from outside my home network. Obviously, this opens up a whole new can of worms, and as I'm not an experienced sysadmin, I'm looking for some advice on best practices for securing myself, while still allowing myself access.
First of all, I have searched around and found threads like this one, so I'm aware of the fact that FreeNAS is not designed to be connected publicly. However, what I'm not clear on is whether or not this means it shouldn't be made publicly accessible at all? Or does that simply mean that it should be placed behind a dedicated firewall device instead of acting as its own firewall? So, I guess the best way for me to approach this is to just lay out what I'm hoping to do, and then ask for general advice on best practices in achieving it in a secure manner.
- I plan to have a small number of users able to access this NAS, each with their own user account. Mostly, it will just be me, but I want to allocate some space for a few friends and family members. Most likely no more than 5-10 users total. I may also include a guest account with read-only permissions to handle this particular situation.
- All of my users will be running Windows clients, so CIFS sharing would be nice, but if it's not possible to do it securely, that's okay. Personally I can live with SFTP or something similar, and my less-computer-literate family can stick with the OwnCloud interface.
- The bulk of my usage will be a combination of BTSync and OwnCloud, and I'd like the OwnCloud WebUI to be available publicly. I have my own domain name, so I'd like to be able to access OwnCloud as a subdomain on my domain.
- This will be hosted by a friend who is currently hosting several servers at his house. Obviously, I'll need to confirm with him what he has in terms of firewall, etc. but another consideration is that I won't have physical access to the machine. I won't want to expose the FN WebGUI to the internet, but I'll need some way of accessing it remotely. I'm assuming that can be done through an SSH tunnel?
- My board supports AES-NI, so I'll be using full-volume encryption. Not sure if that really matters from the standpoint of network-side security, but I figured I'd mention it.
Basically, I'm an experienced computer user looking at my first foray into hosting, without any real experience or training on that end of things. I understand this is a complex topic, I understand that I need to do my research, but I also understand there's a lot of bad advice out there from people who know more than me but less than they should. So yes, I've searched and I've read, but sometimes there's no substitute for an actual dialog. If you don't want to answer because this has been asked and answered a million times, nobody's forcing you to. If you do feel like answering, it would be greatly appreciated.