Given how notorious the Chinese government is in forcing local companies to add spyware to their products or store encrypted data for future decryption when quantum computers will become more feasible (e.g. Huawei), how secure do you think their Terramaster NAS products are? Is it worth the cost or is it best to just steer clear of these?

  • MurderShovel@alien.topBEnglish
    1·
    10 months ago

    You can easily and relatively cheaply build a NAS with something like TrueNAS or just a Debian file server that I would trust a lot more than anything off the shelf made with closed source code with who knows built in.

  • joey_boy@alien.topBEnglish
    1·
    10 months ago

    My NAS is behind my firewall, blocked from all internet access, so no problem for me, no one to phone home to.

  • RexManning1@alien.topBEnglish
    1·
    10 months ago

    I had a Terramaster NAS years ago. It was secure. Never had any intrusion attempts. It was just lacking in power. Switched to a Ryzen based QNAP with dual 2.5G NICs for performance. 5x the cost, but worth it.

    I find Americans’ fear of Chinese manufactured products really strange. I’m sure some of those commenters were doing so on their iPhones. Be more concerned about the US government having the ability to read your emails for the last 22 years.

  • salnajjar@alien.topBEnglish
    1·
    10 months ago

    If it’s already been purchased, put it in an isolated VLAN, restrict all device-initiated internet traffic from it. Watch your logs for both DNS and outbound connection attempts from it for a few days.

    It makes no difference if the device is Chinese, American, Russian, etc, assume nothing should be trusted and use the principles of least privilege at all times…

  • lucads87@alien.topBEnglish
    1·
    10 months ago

    Genuinely asking: in case the device actually has a malicious back door (et similia threat), can it be reflashed with an Open Source OS?

  • thisiszeev@alien.topBEnglish
    1·
    10 months ago

    If you are concerned about privacy, then your only choice is Open Source on your own hardware.

  • pbx1123@alien.topBEnglish
    1·
    10 months ago

    Commun sense people

    Stop buying just bc is cheap.or has a new tech or proccesor etc

    Unless you dont give two cents about what you store or what network you plug it in

  • Tom0laSFW@alien.topBEnglish
    1·
    10 months ago

    There’s an old joke in infosec about wanting firewalls made by every different nation. You want a Cisco device, that has back doors for the Americans, a Huawei device that has Chinese back doors, and a Juniper device with Israeli back doors. Put them all together and you should be good

  • thedude42@alien.topBEnglish
    1·
    10 months ago

    Having recently purchased a really nice looking piece of network gear with all the features I wanted at a very low price from a Chinese vendor that had absolutely no existing reputation I was aware of, my experience was enlightening with the final lesson being re-taught: you get what you pay for.

    If your use case is within the boundaries of the equipment’s quality limits then you will probably do fine, but I suspect if you try to explore the more complex features of the equipment you will find out where the lack of effort and cost reduction comes from.

    how secure do you think their Terramaster NAS products are

    I don’t think this would be any less secure than any other consumer vendor device. I just don’t think you’d be able to get much help if anything is broken, and I wouldn’t expect to see any fixes for bugs.

    You definitely should not put something like this directly on the Internet, and that advice isn’t limited to Chinese hardware. It is pretty easy to limit a device like this from “phoning home” at your Internet edge if you’re concerned with such things.