Just stumbled across this (overly dramatic?) article and thought I’d just post it here…

It’s more to act as a reminder that if you’ve got a NAS that is serving content to the interwebs, then make sure it’s behind a proxy of some kind to prevent weaknesses (ie in the management Web UI) being exposed.

Obvz, this article is pointing to Zyxel, but it could be your DIY home-built NAS with Cockpit: CVE-2024-2947 - just an example, not bashing that project at all.

I’ve used Squid and HAProxy over the years (mostly on my pfSense box) - but I’d be interested to know if there’s other options that I’ve not heard of

  • Matt The Horwood
    link
    fedilink
    English
    45 months ago

    Depending on the login flow, I have a lot of stuff behind an oauth proxy. So that you have to have a working 2fa account to see the non 2fa system behind.

    • SayCyberOnceMoreOP
      link
      fedilink
      English
      45 months ago

      I must get around to looking into 2FA / MFA sooooon (next ~5 years)

      Did you find it really straight forward to get setup?

      I think the fear of getting started with these things is sometimes worth it (home system offline for days) but often it’s quite simple…?