Thanks Tom! As an addition, I would like to point out that the system dataset needs to be on the boot drive or its own in order to set a passphrase encryption on pools and datasets/zvols. Ran into this yesterday.
There is an issue with TrueNAS Core where it is possible for the internal time to slip and fall behind real time, sometimes over a minute or two for me, consequently causing issues for 2FA since the timestamps for the codes will not match the required intervals. It's been mentioned on the forums; the dev team basically just said that you had to set up cronjobs to have it reset or fix it some other way. I'm glad you mentioned changing it so that the 2FA had a greater window of acceptance because it was a real headache for me when I could figure out why inputting the exactly correct credentials over and over again kept getting rejected.
Thanks for the explanation of 2FA. I recently messed up and was locked out. Luckily I was able to reset root password to disable it. Now I can set it up properly thanks to this video!
Excellent video! I am new to TrueNAS, so I have a few noob questions. Firstly, can you access your NAS remotely (WAN) / outside your local network / over the internet? If so, how to DISABLE it? As you mentioned in your video, an excellent way of securing your NAS is by restricting the access to specific LAN IP addresses; does it mean that no one would be able to access the NAS on WAN / outside your local network? Secondly, an extension to the first point, how can we isolate the NAS entirely from the internet? Thirdly, please discuss adding users with read-only permissions. Last but not least, are there any firewall settings we can enable, and how to protect the NAS from DDoS / hacking attempts / ransomware?
Hi Tom. I love your "How To Secure..." videos. I would like to see one on how to secure RDP. I have two RDP hosts open with pfSense and thanks to your videos, I can now see they are getting bombarded with brute force authentication requests all the time! I have tried VPNing and only connecting to RDP locally, but RDP over WAN is just far simpler and fewer steps for a non-tech-savvy end user.
I'm missing the option to bind addresses under the FTP section. The only way I've read on some forums is to create a jail and install and configure proftpd there.
Loved the tutorial, thank you for this. Any chance you can do a quick ClamAV install? Seems there are tons of videos for ClamAV install in Linux but not a single one for FreeBSD or TrueNAS. There is also no written help for installation after plugin install.
I have a question that can hopefully make a good video subject for you as well. I have two (personal) servers set up, one at home and one at my parents'. I'd like to set up a replication task to create snapshots of the dataset where my backups are stored to the other system (thus creating an off-site backup). On both machines: SSH is turned on (only keys allowed) and set to use a port with a high number. Also DNS is available (NO-IP updated through router). Using my personal user and its key I can SSH (PuTTY/FileZilla) into system 2 from the network where system 1 is located and vice versa (so both directions, each with their own respective key obviously), so the connection works. I'm struggling getting this set up. I'd also like to use a separate user for this, not root. A video explaining this, including best practices around setting this up, would be very much appreciated! Thanks for reading :)
@LAWRENCESYSTEMS Thanks, I've seen that one back in the day. But there you are using root with its password to auto-create an SSH connection. Isn't that against best practice as you're using root with pass to log in and don't have a specific user with limited access for the replication?
@LAWRENCESYSTEMS Ah, too bad, thanks for clarifying! Do you know if replication keeps working if you disable root and password login (for SSH service) after setting this up? Since then it should use the key to connect to the other system, correct? Thanks!
Hi Tommy, I have a question about automatic locking of the Web GUI. I was looking for articles on how to perform or change the locking of the Web GUI. The Web GUI does not lock automatically for me; is there a way to configure this?
Since you mentioned Windows, shares and TrueNAS together, what would you recommend as a way of TrueNAS serving storage to a hypervisor which is in turn going to feed the VM the given TrueNAS storage? iSCSI or NFS?
@LAWRENCESYSTEMS By that way you mean iSCSI or NFS? Which has the best performance? Even though iSCSI is block-level storage and doesn't have any extra layers that a filesystem does, it can be targeted by only one system and not multiple.
All of us in IT will have a breach someday. Maybe it is a vendor, maybe a misconfiguration or just a hardware defect - just make sure everything is in silos. I do not wish anyone to be hacked, neither should you.