SECURITY WARNING

SECURITY WARNING

RetroNAS installs and enables numerous legacy protocols, many of which are highly insecure by design (in order to be compatible with legacy/retro computers and operating systems). These protocols frequently have known, unfixable exploits due to their legacy nature, and often transmit information such as your Raspberry Pi's usernames and passwords in cleartext (unencrypted). Some of the protocols implemented offer encryption that is very old, and trivially crackable on modern, high-powered CPUs and GPUs.

Do not use RetroNAS to store personal, private or confidential data.

Keep RetroNAS behind a router/firewall on a private network, and never put it on a device with a public IP address.

Putting your entire retro network on a separate subnet or VLAN behind an internal firewall is also recommended if you have the equipment/skills.

All RetroNAS installers run as the "root" (admin) user on your Raspberry Pi in order to make changes to your system. While we intend to make our software as bug-free as possible, this does have the potential to delete your data. Please ensure you have everything backed up before installing any RetroNAS component. All RetroNAS code is open source and available in GitHub should you wish to inspect it yourself.

Please also remember that data on a NAS isn't a backup just by itself. If you care about your data, please have a good backup strategy. Sysadmins often follow the 3-2-1 rule:

• 3 copies of your data in total
• 2 copies onsite on different systems/media
• 1 copy offsite

Likewise any person with a military background will tell you assuredly that "two is one, and one is none". And they are correct.

Fire, flood and fat-fingers can all cause data loss. Please take care.

Protocol-specific security notes

• FTP#Security
• Samba#Security
• WebOne#Security