The risks of cyberattacks, ransomware, and industrial espionage is on the rise, while at the same time EU regulations for the protection of personal data will reach a new level with GDPR (General Data Protection Regulation) entering into force as from May 2018. Organisations and companies need to have reliable and secure storage in place in order to protect their sensible information as well as the personal data of their customers.
Many small and medium sized organisations use network attached storage (NAS) devices to store, backup and share data. Buffalo is an established leading manufacturer of NAS devices and security of its customers’ data is, and has always been of the utmost priority. Buffalo NAS are secure devices in many aspects.
One of the most significant features to highlight is that Buffalo NAS systems are closed and not even the system administrator has root rights. Most competitors’ devices allow third party apps to be installed via an app store, which opens a potential loop hole for malware, spyware and other viruses. The TeraStation™ only allows connections to available network services, which you can still limit to the ones you really need and use by enabling/disabling them per LAN port and service thus minimising the risks further.
Security starts with the setup. Buffalo always uses local setup for TeraStation™. It is not necessary to have an internet connection for the setup or create an account (like you need to do for some other vendors) to use the device for remote management what holds user names and/ or passwords that could be targeted by attackers.
Disk Encryption: By choosing encrypting the drives option, all data written onto drives will be encrypted with AES 256bit. So even when HDDs are taken out of the unit, they cannot be read by PC or on other TeraStation™ units.
Encrypted data transfer: When accessing the TeraStation™ via remote management or WebAccess the connection can be established by using HTTPS, which guarantees encrypted data transfer. In addition all TeraStation™ support SFTP (SSH File Transfer Protocol), which enables secure file transfer capabilities between networked hosts.
The management of a TeraStation only works with a password. You can restrict file access by using passwords as well. The TS3010 and TS5010 series also support Access Control List (ACL) for sub-folders and individual files.
Compared to simple access right control, ACL enables very fine tuned management of who can access what. Backup and replication passwords prevent a secondary NAS of seeing or using the TeraStation for any backup or replication purpose.
By turning on the virus scan feature, virus spreading over the network is prevented. In case a vulnerable PC gets connected to the network and sends virus-infected data onto the TeraStation, the virus gets automatically detected by the TeraStation and quarantined to a segregated folder and prevents the infection to other clients.
* TS3000/3010 & TS5000/5010, sold separately
Backup, replication, failover and encryption
While a backup is not exactly a security feature, it is a measure to protect yourself from data loss in case of a defect or attack on your system and essential for any business or private user. TeraStation™ offer plenty of options to secure your data in a safe way – backup (via USB or network), replication, encrypted replication, backup or replication via Rsync with SSH (encrypted file transfer), failover, cloud backup.
Boot Authentication for TS3010 & TS5000/5010 Series:
When the TeraStation™ unit boots up, it automatically goes through a boot authentication process by linking it over a local network or VPN with a Windows server or PC with the boot authentication management tool installed. If authentication fails, or the unit is blocked by the boot authentication management tool, the TeraStation™ will not boot up and cannot be reset. This will prevent the unauthorized boot-up or reset of a stolen TeraStation™ device. With the boot authentication management tool installed on a Windows PC, you can manage multiple TeraStation units, resulting in speedier trouble shooting. When the Boot Authentication feature is enabled, the data is automatically encrypted with AES 256bit.
The “Reset button” can be disabled (also on older models without Boot Authentication), which ensures that the unit cannot be used when removed without permission.
All TeraStation™ units (desktop and rackmount) feature Kensington lock compatibility. In addition, the desktop versions have lockable doors that prevent that only the disks are taken out of the unit.