What are Network-Attached Storage (NAS) Devices?

A network-attached storage device, or NAS, is a standalone server with the ability to store files for users on a network.

Use of NAS Devices

ICS advises against the use of self managed NAS devices due to the added security risk they introduce to our network and concerns around the safety of data that might be stored on them. The University provides a range of file storage options that are centrally managed, meet security and privacy requirements for a range of data levels, and account for physical security, resiliency, and offsite backups. Further information on these recommended file storage options can be found here.

Should these recommended file storage options not meet your requirements, please contact us to discuss.

Security Requirements for NAS Devices

There are a number of legacy NAS devices on the network currently. These are required to meet the minimum security requirements set out below.

• ICS staff must have physical and remote access to the device
• The device must be running on supported software
• Security updates from the vendor must be installed on release, and auto updates enabled where possible
• Uninstall or disable any unnecessary third-party applications or services offered with the NAS device software
• Event logs must be enabled and available to ICS staff
• Antivirus software must be installed or included with the vendor software, enabled, and updated
• Encryption must be enabled
• The NAS device must be physically secured

Failure to meet any of these requirements may result in the device being removed from the network.