Security & NAS with built in Apache web server ?

[AaronD]

Guys

What are the security implications of using the inbuilt Apache web server that comes with the QNAP and Synology NAS's to host a web site ? (I'm only asking for QNAP and Synology - as my purchase will be one of these) Especially if you use the Bitorrent client on the NAS ? Or would it be better not to use the Bitorrent client ?

Has anyone got any experience of this ?

I believe Apache can be hacked just like IIS. Just How secure is the Apache Web Server feature on the NAS's ?

As I understand firmware updates are limited to just a few a year, so any security holes are unlikely to be adressed swiftly ? If I am wrong on this - then please let me know.

I am intending to host several web sites on a NAS.

cheers
Aaron

Ps.If I have put this in the wrong section, please feel free to move it.

 

[AaronD]

Follow up

I've been researching this today and been reading this:

http://isisblogs.poly.edu/2008/04/0...ties-in-all-synology-products/comment-page-1/

and the Synology forum here:

http://forum.synology.com/enu/viewtopic.php?f=115&t=7304&start=60

Is this cause for concern ?

Does anyone have a view as to whether this is a common issue across the board, with manufactured NAS that offer Apache in the box ?

I may go back to my original plan of a DIY System Server\NAS... damn. I love buying new shiny IT kit

 

[thiggins]

Anytime you expose a device to the Internet, you are taking on some risk.

Having the machine behind a router/firewall and opening only the ports required to expose the desired services will help to minimize the risk. Of course, you should also have a strong admin password and not allow remote administration access.

If you must have remote admin access, be sure it is secure and change the default operating port.