DLink DNS 323 NAS and FTP Security Risks

[jrak]

I recently acquired a D-Link DNS-323 NAS which I have behind a D-Link DIR-655 Router. Although I’m using it primarily for back-up, I would also want to access files while I’m on the road. But I’m a bit concerned about the risks associated with opening up a port on the router. The NAS reportedly has the ability to use FTP over SSL/TLS, but I’ve been unable to use it successfully. (Based on what I’ve read on the D-Link user forum, neither has anyone else.) So, there is a risk of an unencrypted password being picked up. If that problem was addressed, I would still be concerned about having a port open. Would a lengthy password of random letters, digits and symbols offer sufficient protection? Are there other ways to compromise a router and get past a good password? Or am I just overly anxious about the risks posed by keeping a port open?

 

[jrak]

I'd like to pose the question that I raised previously in another way. Is there anyone who is using the DNS-323 as a server or any similar NAS as a server that has been hacked by an intruder? If so, what were the consequences of being hacked?

 

[thiggins]

Opening a standard FTP port will get you scanned within seconds. At minimum I'd run FTP on a non-standard port. And, yes, you'll need strong passwords for both the FTP account and for your router admin.