Network Attached Storage​

 View Only
Expand all | Collapse all

Why does HNAS need SMB-Client-Barring whereas other products in Market do not seem to have a need of the same functionality?

This thread has been viewed 12 times
  • 1.  Why does HNAS need SMB-Client-Barring whereas other products in Market do not seem to have a need of the same functionality?

    Posted 22 days ago

    HNAS 13.9 introduced SMB-client-barring, a list where clients are automatically added if they generated enough unauthenticated requests to HNAS. Why is this functionality needed?

    Other NAS products out there do not seem to have a need of similar blocking in place.
     



    ------------------------------
    Abhishek Saxena
    Systems Engineer
    S&P Global Market Intelligence
    ------------------------------


  • 2.  RE: Why does HNAS need SMB-Client-Barring whereas other products in Market do not seem to have a need of the same functionality?

    Posted 22 days ago
    Hi

    I have the same question. Why is this really needed ? ( security ? , performance ?... maybe some sites
    have so much bad pw activity that it consumes resources and saps performance ? )

    Last month I wasted a day battling a "mystery problem" where all users on an important host
    ( a large Terminal server ) were un-able to access the NAS.

    The cause of the "mystery problem" ( partial service outage ) was the new on-by-default "auto barring" feature.

    Most of the auto-bars I have seen have been legit ( broken clients ...etc ) ;however,
    it appears that multi-user terminal servers are frequent accidental ( not legit ) auto-bars.

    Currently, I believe that the trigger for barring is:
    "If , from a given IP Address, there are 21 bad logon attempts within 2 seconds,
    THEN, that IP Address will be barred. "

    The thresholds of this can be tuned ; however, this can be problematic since
    de-sensitizing "auto-barring" to prevent non-legit auto-bars also
    prevents legit "auto-bars".

    The "auto-bar" feature needs a "do not bar" list .
    It should be possible to add the following to the "do not bar" list
    - IP Addresses
    -IP Address ranges ( 142.205.0.0/16 .... etc )
    - host names

    The "auto-bar" feature also needs an auto-clear feature so that when the client-side issue is
    resolved the bar is removed after N hours. ( the NAS admin should not have to babysit
    this feature and be forced to manually remove the "bars" )

    There may be an actual good reason for implementing this feature; however,
    having it active-by-default was probably not a good idea since it results
    in , partial, service outages. As currently implemented the feature causes some disruption
    and causes some extra work for NAS admins.

    Thanks

    Andy






    >


  • 3.  RE: Why does HNAS need SMB-Client-Barring whereas other products in Market do not seem to have a need of the same functionality?

    Posted 22 days ago

    Also HNAS seems to be the only NAS solution out there implementing this. We have several DELL EMC NAS, along with few NetApps and Nasuni NAS. None of them seems to have this feature.
    I understand there could be technical reasons behind this implementation with HNAS, but other systems seem to be handing this with a better implementation. Not sure how though?



    ------------------------------
    Abhishek Saxena
    Systems Engineer
    S&P Global Market Intelligence
    ------------------------------