Protecting Network attached storage

In your answers, please keep in mind that it is all about a home network.

What is the best way of protecting a network attached storage from the outside world?

Currently i have a NAS connected behind my internet gateway. On the first day of use i found "copy.exe" within one of the disks attached to the NAS.

What should i do in order making it as secure as possible?

Solution 1:

Most NAS provides some sort of built in security restrictions allowing you to limit what hosts can talk to it. Some even allow you to configure users/passwords. Anything that the vendor provides for locking it down, do it.

Additionally, make sure it is located on your network in such a way that it cannot be seen or accessed from the outside world. If you're not using some sort of router/firewall/etc that prevents inbound access, you should be.

If you want absolute best security for it you can get, pick up a cheap second switch and an extra network card. Put the second network card(s) in the box(es) that needs to access the NAS. Configure it with an IP address on a different network from your normal LAN. Run the NAS on the separate "storage only" network that isn't even directly connected to the internet-accessible network.

Basically, you have two LAN's. One is for normal network purposes, accessing the Internet, etc. The other one is just used by the NAS and devices that need to connect to it, all running on separate network hardware (network cards). By placing the NAS on a dedicated network like this, someone has to first compromise one of your computers before they can even begin to attempt to access the NAS.

[Edited to add additional clarification of a dedicated storage network.]