Hi TBTG! I have been trying to harden the SMB configuration with the following improvements: Null passwords are disabled, SMB signing is mandatory, SMB encryption is mandatory, the minimum protocol version for supported is SMB3_11 for all communications and the ntlm auth is configured to be ntlmv2-only. I have not yet found a way to configure this correctly via the web interface as the "Samba extra configuration" field is confusing. If you could create an additional video about this, that would be exceptionally helpful! Thanks.

Glad you liked it!

Glad you liked the video and thank you for subscribing! I'll keep your suggestion in mind for an upcoming video, thanks for the input!

Glad you enjoyed it

Glad you found the video and thank you for subscribing!

I'm glad you found it helpful!

Oh wow, guess my noise gate caught me there. I recommend "Yes (Hidden)" That's the problem with listening to my own videos, my ears fill in gaps I know no matter how many times I listen to it. Thanks for catching that!

Glad you liked the video!!

Glad you found the video helpful!

Glad you liked the video!

You're welcome!!

In the top right hand corner there should be a little question mark in a circle. If it has a line under it, that means it's enabled / selected witch auto expands all the tips. If you want that off, it should not have a line under it. Here is what it looks like when off (top image) and on (bottom image): imgur.com/a/rbFW0EF

Almost!

Great question! That honestly never crossed my mind. Are you asking for the files stored on the shares of Unraid or for the Unraid OS / storage itself?

So realistically, any port forwarding (including Plex) introduces risk to your network. For me, I "trust" Plex enough to be served traffic from the Internet so I port forward 32400 for it. Port 80 is usually used for HTTP traffic which means it is not encrypted and sent in the clear, so anyone who can see the traffic can see the contents. Because of this, it is recommended to not use and instead use HTTPS over 443 with a certificate to help protect the traffic - IF you need web browser traffic forwarded to a device in your home network. Even though HTTPS is encrypted, anyone can still access the webpage so that server could still be hacked.

@@BeardedTechGuy thanks dude, so if I just only have the plex port forwarded, and thats it, then I should be ok?

If you only have 32400 being forwarded then that would be the only traffic sourced from the Internet that would get forwarded into your home network. At that point, as long as your Plex server isn't vulnerable for any known attacks (always keep it up to date to help protect it), then your risk would be minimal.

Hmm that's a weird one. You could check the credential store and see if a account is saved for it. Or if its not too destructive I'd remove the share and readd it to see what happens.

Great question! I tried to do some searching but couldn't really find anything. What seems like your best option would be to do disk encryption. My understanding is that the encryption password cannot be reset. I'm not sure if it's required every time on power up though. If it's saved in Unraid to mount the share and the saved encryption key is not wiped on password reset it really wouldn't protect against the entire server being stolen just the disks themselves.

@@BeardedTechGuy Password is required on each reboot, but it does protect against robbers with strong backs.

Good to know! Thank you for sharing

One does not choose The Beard, The Beard chooses the one.

@@BeardedTechGuy My understanding of the truth is that I am talking to the beard 🙌

My understanding is that you would not need SSH for the My Servers feature, so it should be able to be turned off if you don't want even local (on network) remote access to the server.

@@BeardedTechGuy Thanks for that. I do remotely access my server via my PC (local, on the same intranet) to manage it, so would I need to leave SSH enabled to do that? Or does My Servers bypass all of that and allow me to remotely admin my server via browser on my PC?

SSH is used for the CLI access. For GUI either local or through "My Servers" uses HTTPs. If you do not need CLI access to unraid locally you should be able to disable SSH without impact to My Servers.

@@BeardedTechGuy Awesome, thx for clarifying!

Not sure why but I just imagined Snoopy sitting on a laptop wearing the typical "hacker gear" lol

I think I'm getting ripped off! I only put 3 ad breaks in for the 15 minute video and KZbin very rarely uses all of them ¯\_(ツ)_/¯ imgur.com/a/KmawmsA