Given how notorious the Chinese government is in forcing local companies to add spyware to their products or store encrypted data for future decryption when quantum computers will become more feasible (e.g. Huawei), how secure do you think their Terramaster NAS products are? Is it worth the cost or is it best to just steer clear of these?

  • povlhp@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    With all those “smart” devices (Including Internet of Crap), the rule of thumb is to put them on their own VLAN. Then put network filtering in place, such that nothing can talk out of this VLAN. And all you client devices that needs Internet access can then talk to them in the other VLAN.

    You could allow specific destinations for them, but even DNS, it is better to just have a service exposed to them that only uses a hosts file to avoid VPN or exfiltration over DNS.

    That is best practice. If you want to run a software update, you can open up, and update, and close down again.

    Security is about being paranoid.

    • tagit446@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I had to do this with an NVR security camera system I got off Amazon. The NVR is was constantly sending data to servers in China. Using pfSense I put it on it’s own VLAN and used firewall rules to stop it from reaching the internet. I also setup an OpenVPN server so i can access it remotely when away from home.

      • povlhp@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        You just need something that can act as firewall betweent he 2 networks, say a Linux box, and then have different SSID for secure and china devices, and VLANs.

        OpenWRT is a good thing to have on your APs.

        VLAN and firewall are the things to google.