Synology Inc. Online Community Forum

[Karsayor]

Hi

I just installed Cloud Station, it works perfectly but currently it's unecrypted (Wireshark scan^^). Is that normal, is there a settings to configure encryption ?

Thank you and best regards

[PD24]

I would be interested with Encryption. I need to get files from work to home and home to work and I don't want network engineers snooping into my projects.

Also I would be interested in Cloudstation being portable. Can we not put it on USB?

[Rogue73k]

I just upgraded DSM to 4 and installed Cloudstation. I've been tasked with finding a reliable automated solution for File sync. This looked promising, and is stated as "Private Cloud" however now seems more of a bleeding security hole, if it's not encapsulated with SSL or some other technology. I have not begun to Pentest it yet, but I will. I've looked a little, but haven't found detailed documentation on this tech yet. Our stations have been attacked before, so I would rather not solely depend on local security.

We are experimenting with HiDrive, but Strato is VERY EU centric for accounts and either way is more of a backup/restore method (which WILL result in some human error). SpiderOak would be my preference but cross compiling is required for the client and I may have some issues with gLIBC versioning. (I'm testing on a DS508 which is PPC and eventually at DS1010 which is Intel) These solutions are, however, encrypted from end to end at both the file and transmission level. If it hits the net and is meant to be private, it has to be encrypted at a minimum with SSL. My preference would be encrypted at the file level then sync'd within SSL. These are basic requirements for me. Hopefully more will continue to post here.

I do acknowledge Cloudstation is still in Beta, so we need to let the developers know what works and what doesn't, and well as what/how we need to use it.

I require:

End-To-End encryption & encapsulation
Shared cloud folder as well as Home/Cloudstation folder

I see as optional:

On demand sync
Compression
Version control
Portable App (Most definitely, PD24! I love my portable apps and use them daily.)
Good step-by-step examples for proper standardized deployment. (This was unbeleivably easy to get setup and working, I will admit.)

Just my nibble on the topic. Thanks for starting it, Karsayor.

[Karsayor]

Hi,

I saw on the Synology blog that Darren said they want to secure that Cloud Station. The only question is : when will it be secured ? At the first release of the final edition ? Later ?

Maybe someone here could answer us that's why I came to post my question here

As Rogue said, we know it's still in beta !

I can't just wait to use that feature for my friends / family

[Karsayor]

Hi,

I saw on the Synology blog that Darren said they want to secure that Cloud Station. The only question is : when will it be secured ? At the first release of the final edition ? Later ?

Maybe someone here could answer us that's why I came to post my question here

As Rogue said, we know it's still in beta !

I can't just wait to use that feature for my friends / family

[Rogue73k]

Gansterwagen has a good thread started in the feature request & product improvement area. This may get better visibility. I've linked to this post as well.

Cloud Station - selecting folders for sync
http://forum.synology.com/enu/viewtopic.php?f=3&t=48495

[stallemanden]

I was just taking a look "behind the scenes" on my DS-712+ running the CloudStation.

With regards to SSL, it would appear that it is something Synology has in the makings.

Looking in the folder:

Code: Select all

/volume1/@cloudstation/@sync-client

I found that there are folders for each user that has CloudStation activated.
In each of these folders, there are a set of files and a folder:

Code: Select all

drwxrwxrwx    3 root     root          4096 Mar 17 10:49 .
drwxrwxrwx    5 root     root          4096 Mar 17 10:02 ..
-rw-rw-rw-    1 root     root           221 Mar 12 09:41 client.conf
-rw-r--r--    1 root     root         59392 Mar 17 10:49 event-db.sqlite
-rw-rw-rw-    1 root     root             0 Mar 17 10:23 excep.list
drwxrwxrwx    2 root     root          4096 Mar 17 10:23 sign


Taking a look at the client.conf file, it gives me this:

Code: Select all

user="torben"
password="torben"
client="torben"
session="torben"
server="/tmp/sfsock"
watch="/volume1/homes/torben/CloudStation"
db_loc="/volume1/@cloudstation/@sync-client/torben"
port="6690"
ssl="0"
native_client="true"


The password is not a clear-text edition of the DSM users password.

Notice, the ssl="0".
So what I would suspect is, that the SSL is coming.

Also the native_client part sounds interesting

[gamersbbs]

I am surprised they didn't just use RSync to do this. They could have easily created an app using that algorithm and had built in security...

[Micke_O]

I really hope SSL for CloudStation is coming. This is a showstopper for me.

I could have done my homework better before bying but I just assumed that it was encrypted traffic to/from CloudStation. As someone else said: with SSL it's a killer app

[rk188]

I guess the only way to get the data over in a secured way AND using cloud station is:

- deactivate easycloud
- use the VPN server package
- connect to the Synology product via VPN

But that is not very user friendly off course... but I guess I can live with for now...

[quietsy]

There is another way for securing your data on the cloud station.
I am using an SSH tunnel and everything is encrypted over SSH.
Pros:
+Encryption of authentication and data
+Allows the cloud station to work behind a company proxy
+Can be used for other services except cloud station

Cons:
-Must open SSH outside for it to work