Security advisor limitations

titanrx8
Posts: 222
Joined: 17 Jul 2020, 06:17

Post by titanrx8 »

Is there a way to turn off the red "in risk" flags or add some additional logic when they are triggered?

Examples:
1. I use an external firewall and the TOS status page knows that the WAN is disconnected but the security advisor flags red for firewall. I know that I don't have the TOS firewall enabled and don't need it.

2. I use ext4 so don't have snapshot capability but it gets flagged. How about not checking for snapshot when it isn't a valid capability?

3. Security isolation mode gets flagged. I won't use isolation mode because it turns off ssh. I have ssh enabled for local traffic because I want the backdoor if needed. How about stopping the isolation mode flag or changing isolation mode to allow local ssh?

4. What is the advisor looking for in the user password strength? Mine gets flagged even though it is a very long random sequence.
TMwuu
TerraMaster Team
Posts: 139
Joined: 13 Jun 2022, 16:57

Re: Security advisor limitations

Post by TMwuu »

@titanrx8

Hello, this is a risk reminder that can increase system security. You can click on the item whose status is risky, go to the settings according to the instructions, and re-scan after setting; the status will become normal.
To contact our team, please send an email to the following addresses, and remember to replace (at) with @
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
titanrx8
Posts: 222
Joined: 17 Jul 2020, 06:17

Re: Security advisor limitations

Post by titanrx8 »

TMwuu wrote: 02 Apr 2023, 13:03
Hello, this is a risk reminder that can increase system security. You can click on the item whose status is risky, go to the settings according to the instructions, and re-scan after setting; the status will become normal.

Sorry, you missed the point of my statements. Security advisor is scanning for invalid scenarios. For example, Ext4 doesn't support snapshots, so don't call it a security risk. I used to run btrfs with snapshot and stopped because of data corruption which hasn't recurred since "downgrading" to Ext4.

How much more "difficult" can my password be? It's already longer than 32 characters and a completely random sequence of letters, numbers and special characters.

I have much more confidence in my outboard firewall than the built-in firewall. When I create firewall rules in TOS and switch the outboard firewall to monitor but not block the TNAS servers, the TOS firewall enables late in the boot sequence of TOS. In the minute between power-on and execution of the TOS firewall, the TNAS has already made outbound accesses to sites and regions that my outboard firewall blocks 100%. The TOS firewall needs to execute immediately on boot or it serves no purpose. Flagging that it isn't enabled in security advisor is a false pretext that the system is secured.

I can go on, but we really need to just be able to turn off the scans that aren't useful in an individual's environment.