Secure Network Configuration for N5200PRO

I just recieved and installed my N5200PRO. What a cool box!!!!

The purpose of this NAS is to act as a central storage device for my large collection of digital images, and to act a music server running the Slimserver. The music files are stored on the NAS.The image and music folders are currently under a public share, mapped as a network drive on my PC.

I'm trying to figure out how to properly configure my network in order to secure the NAS as much as possible. I currently have a cable modem, a wired/wireless router, a PC and a laptop. At this point in time, my router is connected to the cable modem, both my PC and NAS are hard-wired to the router, and my laptop and Squeezebox device use a wireless connection. The NAS is connected to the router via the WAN port.

My router and my wireless network configuration is, I believe, rather secure. The router has a built-in firewall (enabled), does not broadcast its SSID, has WPA-PSK/TKIP security enabled, and uses MAC address filtering to only allow my laptop and Squeexzbox to connect wirelessly to it.

Still, I'm concerned about having the NAS connected to my router via the WAN port, but I do not know whether I can do anything safer...

My requirements are as follows:

1. I would like to keep my printers connected to my PC, and access these from my laptop
2. I would like to continue sharing a few folders on my PC, and access these from my laptop
3. I need HTTP access from my PC to the NAS
4. The Slimserver software, which serves the wireless Squeezebox device, runs as a web application and needs to give http (I think) access from the Squeezebox to the NAS
5. I need to access the Slimserver configuration page via HTTP from my PC, and would also like to access it from the laptop if possible.

I do not think that, given the above requirements, I can change my NAS connection from WAN to LAN. But as I don't know much as about the NAS and Linux, I'd really appreciate the feedback from this community as to how to make my setup as safe as possible. My main concern has to do with not giving hackers access to the NAS.

TIA,

Rob

Hi Rob,
sounds fine - I have a similar setup and have blocked all incoming traffic on the routers firewall. After that I had opened the ports which I need for access from outside. If You don't need any access from outside, then blocking all access from the internet to your LAN gives high security.
WPA on WLAN is the best solution at the moment.
br
Peter

Thanks for the feedback, Peter! I appreciate the help.

Rob

Well, I also do not think that atm. you could have it safer...

Just make sure that if you open access from the outside (like ssh), choose passwords wisely. My router is hacked many times every day. Passwords are wise when they're long enough and are not in any password-database. They shouldn't be "everyday use-words". This also goes for your WPA!!! Also don't include any personal information in your passwords. Today hackers will be able to get personal infos on you and they'll try them when attacking...

Thanks for the advice, Stefan...

No ports are opened to the outside world at this time, and my passwords are long, combine letters, numbers and special characters, and are rather complicated.

Rob