Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[speedyarmadillo]

I have seen a few threads where Alt-F firmware has been mentioned regarding particular features, but does anyone know how it compares to OEM fw regarding stability (file corruptions or files not written etc) and security (open security holes, ability to patch them, etc) compared to older D-Link fw1.04-1.05.  I will not use apps like "My D-Link", "My Surveillance", or install any P2P packages etc, as I just just want this 320L to reliably back up parts of my other computers and servers, so stability/security are more important to me than add-on app functionality.

My reason for asking is that I bought a DNS-320L to use as a backup device, and my plan had been to update to the latest D-Link firmware so I have the latest security patches, install Fun_Plug, configure it for SSH access, install rsync etc, and configure it for nice seamless backups.

My problem arose when I discovered that the latest firmware (fw 1.06b03) no longer allowed Fun_Plug installation, and so I am now left with the choice of either:
A) Using older firmware (1.04 or 1.05) in order to allow Fun_Plug installation, but then I have to live with whatever security holes the old fw1.04 or 1.05 have in them, or:
B) Use the 3rd party "Alt-F" firmware which would give me the functionality I wanted with Fun_Plug (and more), but I am unsure as to its stability being as the developers name it as "release candidate" status rather than "released" (the latest release of Alt-F is "RC4.1" but I do not know if the developers use the same loose standards that too many program developers use when declaring something "stable" and releasing it, or if the Alt-F developers are just being very conservative before declaring Alt-F as "released" (which would be great actually as I wish more developers would take that approach)).

So, does anyone out there know how "Alt-F" compares to the older D-Link firmware 1.04 or 1.05 when it comes to stability and security?

Thanks.

[ivan]

First of all you need to define how and what access your NAS will have and then decide what you want to do.

For example: Our even older DNS-320 NAS boxes still run the same firmware they had when we bought them years ago and we don't see any security problems with them.  They are used as the first port for the nightly backups of our workstations via rsync.  They are on our internal network and do not have access to the internet nor does the internet have access to them because that is blocked by our firewall.

It sounds as if you are wanting to do something similar, if so then provided you limit access to your NAS there shouldn't be any problems. 

We also use several DNS-343 boxes as off site backup to our servers and storage array using SFTP with everything else blocked by the router firewall and even the SFTP is blocked except for one dedicated IP address.
 

[speedyarmadillo]

Hi ivan.

Yes, it is for incremental backups, but I still want it and every device behind my firewall to be individually secure, because once any device behind my firewall is infected, then the whole LAN gets attacked from behind the firewall, meaning the firewall can no longer protect me at all.  There are a number of scenarios I can think of that could compromise a device behind a firewall (zero day events, vulnerabilities in your Linksys or D-Link router due to the glacially slow pace they have at releasing updated firmware, an Android phone with StageFright vulnerability, etc) which is why it is always prudent to assume your firewall can be breached, and why I am concerned with using old firmware that has vulnerabilities.

Unfortunately all I ever see in release notes are generic lines like in the fw1.06 release note that says it has "Several new security enhancements" without listing what they patched.  Were these "security enhancements" fixing extremely minor security flaws such as an attacker being able to cause the device to freeze for 2 seconds but never compromise data, or major flaws that allowed root access?  So if anyone knows the severity of security flaws in fw1.04 or 1.05, or knows where this information is available at, please chime in.