Internet access to file server through port forwarding -- I can see TrueNAS login page but no server?

Status
Not open for further replies.

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399
@Patrick M. Hausen, I don't believe that's a safe option, as WebDAV, so far as I know, doesn't lock out accounts after several attempts. Even with a complex password, there are sufficient rainbow tables online that finding a match would be only a matter of minutes.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
There are rainbow tables for random 40 character passwords?

That's what I use for IKE with PSK and similar. I wasn't implying a password you could memorize and type in. I never use foreign untrusted devices. I do use static passwords occasionally and of course a password manager.
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399
Yes, I believe there are now rainbow tables that long. I've looked into Unicode passwords, to be able to bring in things like Japanese characters, as so far as I know, there aren't any rainbow tables for 2-byte characters yet.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
Re-thinking the topic - if I am not mistaken, rainbow tables only work against known cyphertext. How do you intend to get hold of the password hash on the TrueNAS? If your remark was true that would make all HTTP based password authentication irrelevant today. Make sure to use an encrypted channel, of course ...
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399
Re-thinking the topic - if I am not mistaken, rainbow tables only work against known cyphertext. How do you intend to get hold of the password hash on the TrueNAS? If your remark was true that would make all HTTP based password authentication irrelevant today. Make sure to use an encrypted channel, of course ...

In this case, since there's no lockout, it's a simple matter for a bot to just run through rainbow tables until it gets a password match and a successful login. That's why your bank limits the number of tries before locking you out, and forcing you to jump through some hoops to reauthenticate via an offline channel before unlocking your account.
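
The missing lockout discussed in this exchange, sketched as log-based detection. This is an added example, not part of the thread and not TrueNAS or WebDAV server code. It assumes an access log in the common Apache/nginx "combined" layout; the `/dav/` path, the 5-failures-in-10-minutes threshold and all sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

def sample_line(ip, minute, second, status):
    """Build one constructed access-log line (documentation-range IPs only)."""
    return (f'{ip} - - [10/Oct/2021:13:{minute:02d}:{second:02d} +0000] '
            f'"PROPFIND /dav/ HTTP/1.1" {status} 0')

# Constructed input: one noisy source, one slow source, one normal client.
SAMPLE_LOG = "\n".join(
    [sample_line("203.0.113.7", 0, s, 401) for s in range(0, 60, 10)]    # 6 failures in 1 min
    + [sample_line("198.51.100.4", m, 0, 401) for m in range(0, 60, 12)]  # 5 failures over 48 min
    + [sample_line("192.0.2.10", 5, 0, 401),   # WebDAV clients often get one 401 challenge...
       sample_line("192.0.2.10", 5, 1, 207)]   # ...and then succeed with credentials
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def find_lockout_candidates(log_text, max_failures=5, window=timedelta(minutes=10)):
    """Return {ip: time of the 401 that reached max_failures inside the window}."""
    recent = defaultdict(deque)   # per-IP timestamps of recent 401 responses
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines that are not in the assumed layout
        ip, stamp, status = m.groups()
        if status != "401":
            continue
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= max_failures and ip not in flagged:
            flagged[ip] = when
    return flagged

if __name__ == "__main__":
    for ip, when in find_lockout_candidates(SAMPLE_LOG).items():
        print(f"block {ip}: threshold reached at {when.isoformat()}")
```

The threshold has to leave room for the single 401 challenge a legitimate WebDAV client receives before it sends credentials, which is why the normal client above is not flagged.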
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
I am talking about a randomly generated 40 character password. Even with only lowercase, upper case and numbers this is equivalent to 238 bits if we can trust the online calculator I have found.

 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
OwnCloud/NextCloud are basically WebDAV, so, the risks there are basically that a zero-day opens you up for pwnage, so you are best off running those things in a jail and keeping them updated.
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
I'd like to apologise

No reason to apologize for trying to be helpful, it's better to get a plethora of responses than none.

as I didn't even realise there were posts above the one I'd replied to!

There weren't (probably). I condensed three separate threads.
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
I'd like to make a point regarding WebDAV and related things:
It's probably not as secure as it could be, but you don't expose your entire physical machine either, if done right. If you're looking to have a semi-public share, with non-sensitive data, that's backed up to a separate dataset, with a properly-jailed server, etc. then it might be a good option.

Granted, you have to fit the niche and it might not be that large.
 

stevetrue

Cadet
Joined
Sep 22, 2021
Messages
6
I suppose truly OpenVPN is not the easiest way, TeamViewer or NoMachine to a simple Windows/Linux/Mac machine on the remote network probably would be.
I tried the OpenVPN route, it was complicated. I tried using WordPress but it didn't work either. I just want to figure out how to get to my file server from a web address. I can add security later because the server has nothing on it.

I am becoming YouTube certified, but a lot of videos are missing steps etc... Thanks
 