Just stumbled across this (overly dramatic?) article and thought I’d just post it here…
It’s more to act as a reminder that if you’ve got a NAS that is serving content to the interwebs, then make sure it’s behind a proxy of some kind to prevent weaknesses (ie in the management Web UI) being exposed.
Obvz, this article is pointing to Zyxel, but it could be your DIY home-built NAS with Cockpit: CVE-2024-2947 - just an example, not bashing that project at all.
I’ve used Squid and HAProxy over the years (mostly on my pfSense box) - but I’d be interested to know if there’s other options that I’ve not heard of
As someone who isn’t a fan of e-waste, I really hate these little “appliance” type NASes. Companies abandon them while they’re still perfectly usable and meeting someone’s needs, and tell you oh sorry, I guess you should buy a new one and throw your current one away. (Which, annoyingly, the article also does.)