bamboo
@bamboo@lemmy.blahaj.zone
- Comment on D-Link refuses to patch a security flaw on over 60,000 NAS devices — the company instead recommends replacing legacy NAS with newer models 5 weeks ago:
If you’re using one of these models, it’s highly recommended that you replace your NAS system with one that’s still receiving patches from the manufacturer. If that isn’t possible right now, Netsecfish suggests restricting access to your NAS settings menu/interface to only trusted IP addresses. You could also isolate your NAS from the public internet to ensure that only authorized users can interact with it.
Emphasis mine, regardless of this incident, even with a brand new supported model, it shouldn’t be exposed to the internet. Half the reason these security issues are such a big deal is because manufacturers wanted to make things simple and designed it to sit on the open internet, so they wouldn’t have to deal with support requests. Now their customers are exposed because of poor recommendations and the lack of updates.