ASUSTOR Newsletter July 2023 Issue 200

Learning How to Protect Your NAS

We all know data protection is very important. In addition to keeping consistent 3-2-1 backups, it is also necessary to take measures that decrease the risk of data loss. Here we go into more detail about several methods described in a previous newsletter.

1. Ensure ADM is Up to Date:
ADM continues to bring award-winning features with each and every update. These updates also bring security fixes and patches. To help protect data, it is recommended that ADM always be kept at its latest version.

2. Strengthening Your Credentials:
Disabling the admin account and setting a strong password are often overlooked. Many leave the admin account on with a simple password for convenience, but this makes it easier for the account to be broken into. Head to [Access Control -> Local User -> Add] and create a new admin account, set a strong password, and disable the default admin account.

3. Defending ADM with ADM Defender:
Click [Settings -> ADM Defender -> Network Defender] in ADM to enable the automatic blacklist, which helps prevent malicious attacks and login attempts. When any client IP address repeatedly fails to log in more than a specified number of times within a specified time, the IP address of that user will be automatically blocked.
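
The automatic blacklist rule in item 3 can be pictured as a sliding-window counter over failed logins. The following is an added example, not ASUSTOR's code or ADM Defender's implementation; the threshold, window length, event format and function name are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Constructed sample events: (unix_time, client_ip, login_succeeded).
# Addresses come from the documentation ranges (RFC 5737).
SAMPLE_EVENTS = [
    (1000, "203.0.113.7", False),
    (1005, "198.51.100.4", False),
    (1010, "203.0.113.7", False),
    (1020, "203.0.113.7", False),
    (1030, "203.0.113.7", False),   # 4th failure within 30 seconds
    (1040, "198.51.100.4", True),
    (1700, "192.0.2.9", False),
    (2400, "192.0.2.9", False),     # failures spaced 700 s apart
    (3100, "192.0.2.9", False),
    (3800, "192.0.2.9", False),
]

def find_blocked(events, max_failures=3, window_seconds=600):
    """Return {ip: time_blocked} for clients with more than max_failures
    failed logins inside any window_seconds-long interval.

    max_failures and window_seconds are assumed values standing in for
    the "specified number of times" and "specified time" in the text.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = {}
    for ts, ip, ok in sorted(events):
        if ip in blocked:
            continue              # already blocked, nothing more to track
        if ok:
            continue              # assumption: a success does not reset the count
        window = recent[ip]
        window.append(ts)
        # Drop failures that have fallen out of the sliding window.
        while window and ts - window[0] >= window_seconds:
            window.popleft()
        if len(window) > max_failures:   # "more than a specified number"
            blocked[ip] = ts
            del recent[ip]
    return blocked

if __name__ == "__main__":
    for ip, ts in find_blocked(SAMPLE_EVENTS).items():
        print(f"block {ip} at t={ts}")
```

The third client in the sample fails as often as the first but is never blocked at the default window, which shows how a long window and a low threshold interact when choosing these settings.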

A Cross-Site Scripting (XSS) vulnerability was found in ADM and the LooksGood and SoundsGood apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications to access any cookies or sensitive information retained by the browser and used with that application. (CVE-2023-2509)
- The issue has been fixed on ADM 4.2.2.RI61.

The EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. (CVE-2023-2909)
- The issue has been fixed on ADM 4.2.2.RI61.

With the latest release, Netatalk 3.1.13, the Netatalk development team disclosed multiple fixed vulnerabilities affecting earlier versions of the software: CVE-2022-43634 and CVE-2022-45188.
- The Netatalk 3.1.13 patch has been applied in ADM 4.2.2.RI61 to resolve the issue.

Download Center fails to properly validate the file path submitted by a user. An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. (CVE-2023-2749)
- The issue has been fixed on Download Center 1.1.5.r1298 for ADM 4.2.

The PHP Group announced multiple vulnerabilities that have been fixed in the latest release of PHP 8.1.
CVE-2023-0662, CVE-2022-31631, CVE-2022-31630, CVE-2022-37454, CVE-2022-31628, CVE-2022-31629 and CVE-2022-31627 affect ASUSTOR products with PHP 8.1 installed on ADM 4.1 or ADM 4.2.
- An update with PHP 8.1.18 has been released on App Central for ADM 4.2.2.

ASUSTOR’s NAS has been recognized again for its excellent quality and performance by PCMag. The Lockerstor 2 Gen2 was recognized by PC Magazine as a best tech product for 2022. Its computing power and large number of features were favored by the editors, who evaluated it as an excellent choice to meet future enterprise storage needs.