Does Adding NAS Attract Worms and Viruses?

Wednesday Sep 1st 2004 by SmallBusinessComputing Staff

Network Attached Storage (NAS) is an excellent option for SMBs that handle large amounts of data — we look at ways to keep viruses at bay. Plus, we tell you how to configure your router for online games and voice chat.

I work at a small architectural firm. We deal with an enormous amount of files and are constantly running out of storage space. For this reason, I have been considering upgrading our server's hard drive. I'm a bit apprehensive, though, since this is such a huge job with a high potential for problems. As an alternative, I started looking into a replacement server. The cost of a new server though is extremely high and, unfortunately, it's just not in the budget right now.

Instead, I'm considering a low-cost NAS (Network Attached Storage) device. This would solve my immediate problem and buy me time until the budget can handle the expense of a new server. The only concern I have is that after reading several reviews on these products, few vendors seem to address the issue of virus and worm protection. Do you have any suggestions that might help quell my fears about this issue? Any information on this matter will be appreciated. Thanks.

Surprisingly, in our research on NAS devices from various vendors, we found little mention of anti-virus support, even in high-end products. Viruses and worms vary greatly in their behavior, and there's no question that NAS devices can be vulnerable to their effects. Chances are that a low-cost NAS device will not come with any kind of anti-virus support installed.

We learned this lesson about a year ago when the dreaded Nimda worm made its rounds. We had deployed a NAS device to store the home directories of individual users, and each user had their home folder mapped as their Z: drive. Like many worms, Nimda copied itself to any drive it found, and thus the NAS device became infected.

If you are dealing with a NAS device that lacks integrated anti-virus support, a quick-and-dirty way to guard against viruses is to make sure that you include any mapped drives when configuring anti-virus scans on the client side. Better still, if you are using a centralized server-based anti-virus product, you can configure it to regularly scan the entire NAS device, either by mapping the root folder as a drive letter or by creating an administrative share and then including one or the other in your daily scan.

Another option is to use a command line anti-virus scanner (Symantec offers one), which may provide more flexibility and also supports Unix and Linux operating systems, on which many NAS devices, particularly the lower-cost models are based.

Unfortunately, none of these options will give you real-time virus protection, but regular scans will prevent virus-laden files from stowing away on your NAS device and possibly re-emerging later.

A product from anti-virus software provider Trend Micro offers yet another option. ServerProtect provides anti-virus scanning for network appliance files — detecting and removing viruses from files and compressed files in real time before they reach the end user.

Administrators can use a Windows-based console to manage virus outbreaks, virus scanning, virus pattern file updates, notifications and remote installation. If you're going to invest in a NAS device and aren't comfortable with the passive protection that comes with just scanning a mapped drive, then Trend Micro's ServerProtect product could be just what your looking for.

I have a cable modem connection, and I use Hotmail to communicate with a friend in another city via voice chat while playing online games. Everything works fine when my computer is connected directly to the cable modem, but when I try to do it through my NetGear router, neither the games nor the chat will work. Can you help me with this problem?

Your problem seems to be a relatively straightforward one. When your computer is connected directly to your cable modem, traffic flows unfettered between your computer and your friend's, allowing you to play online games and engage in voice chat. Put the router into the equation, though, and some or all of the traffic that supports these capabilities is blocked by default, so they no longer work.

To resolve this problem, determine which ports the features you use require, and configure your router's port mapping feature to forward those ports to your machine. (Your friend, incidentally, will probably need to so the very same thing on his or her end.)

The ports necessary for online gaming will depend what game you're playing or what online gaming service you use. You should be able to find port information his information should be provided in the game documentation and/or on the Web site.

You also said you were using Hotmail to conduct voice chats with your friend. I assume you mean Windows Messenger, of which Hotmail is the e-mail component. As it turns out, configuring a firewall to support the advanced features of Windows Messenger can be difficult (it uses a lot of dynamically assigned ports), and depending the equipment you and your friend have, it may not even be possible.

Microsoft offers a lot of technically detailed information on how to configure firewalls and router NAT (Network Address Translation) devices to work best with Windows Messenger.

Microsoft recommends UPnP (Universal Plug and Play) compatible routers in order to use all of Windows Messenger's features (they're better able to manage the constantly changing port mappings that are needed). You may want to get a router that supports UPnP, or check to see if your can upgrade your current router (and your friend's) to support it.

A quick and easy way to accomplish the connectivity you want would to be to put your computer into the router's DMZ (demilitarized zone), which would let the router pass any traffic it encountered to your PC. However, we don't advise that (and don't keep your PC connected directly to your cable modem, either), because it leaves the computer vulnerable to attack.

Adapted from, part of the Network.

Do you have a comment or question about this article or other small business topics in general? Speak out in the Forums. Join the discussion today!
Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved