How to secure my NAS?

Topics including remote access and management can go here, including port forwarding, telnet, ssh, and advanced network settings.
Forum rules
1) This is a user forum for Synology users to share experience/help out each other: if you need direct assistance from the Synology technical support team, please use the following form:

https://account.synology.com/support/su ... p?lang=enu



2) To avoid putting users' DiskStation at risk, please don't paste links to any patches provided by our Support team as we will systematically remove them. Our Support team will provide the correct patch for your DiskStation model.
Symbionte
Trainee
Trainee
Posts: 15
Joined: Sat Mar 31, 2018 7:39 am

How to secure my NAS?

Unread post by Symbionte » Wed Jun 13, 2018 2:44 pm

I am wondering how should I set up my NAS in order to be as secure as possible. I have on DirectConnect and I have also been testing with NO IP and port forwarding so I can access it directly through my router (port 5000) and I have been able to do so. This makes me think about the fact that my data is only a password away from being accessed. I have seen that two step access is available, through a code in my cell phone, but I havent enabled it yet, as I wonder what would happen if for any reason I loose my phone. What could I do if that is the case, If you have 2 step verification enabled but you loose your device? Any way to access?. Apart from 2 step verification, is there any other way of securing the access to my NAS? Thanks for the help.
Last edited by Symbionte on Wed Jun 13, 2018 8:31 pm, edited 1 time in total.

Squozen
Specialist
Specialist
Posts: 1122
Joined: Wed Jan 09, 2013 1:35 am

Re: How to secure my NAS?

Unread post by Squozen » Wed Jun 13, 2018 3:20 pm

https://www.synology.com/en-global/know ... nology_NAS

Another thing I do that isn't listed in this guide is changing the default port that DSM listens on. That will stop automated scanners looking for Synologys (which is what happened a few years ago with the Synolocker ransomware).

User avatar
Twisted World
Enlightened
Enlightened
Posts: 499
Joined: Sun Jun 12, 2016 8:29 am
Location: Netherlands
Contact:

Re: How to secure my NAS?

Unread post by Twisted World » Wed Jun 13, 2018 6:52 pm

I am also using two-factor authentication, but not really happy about its security in the end. If you don't have your phone with you, you can have a one-time code mailed to you. This basically destroys the whole idea of the two-factor authentication, because one only needs access to your e-mail account, which is again just "one password away" since just about every mail system now also has webmailer support.

But ignoring this huge flaw; you can have more devices linked to your two-factor authentication system. Just as a backup system, I can also use an old iPad which I never really use for anything anymore. Just in case my phone gets missing or happens to be out of "juice" at the moment I need it.
[ DS918+ | DS916+ | DS216+II | DS1815+ | DS415play | DS115j | EDS14 | DS212+ | DS211+ | DS411slim ]

Symbionte
Trainee
Trainee
Posts: 15
Joined: Sat Mar 31, 2018 7:39 am

Re: How to secure my NAS?

Unread post by Symbionte » Wed Jun 13, 2018 7:53 pm

I have applied all the security settings provided in the link, but I am having an issue with Drive app for WIndows

I have disabled QuickConnect
I have disabled admin default account and created another account with admin privileges
I have enabled autoblock
I have enabled 2 step verification
I have enabled https connection
I have changed the default ports for http and https

Since I am no longer using quickconnect, I need to use https://noipadress.net:port in order to access the nas from outside the LAN. It works fine in the computer, and in the android apps, which also request the two step verification. However, the drive app for windows will not be able to connect to my no ip adress, it says it cant connect. Is there any known issue on this?? Can anyone help?

Symbionte
Trainee
Trainee
Posts: 15
Joined: Sat Mar 31, 2018 7:39 am

Re: How to secure my NAS?

Unread post by Symbionte » Thu Jun 14, 2018 12:49 pm

another thing, should the data be encrypted?

User avatar
Rusty1281
Proficient
Proficient
Posts: 2845
Joined: Fri Jun 03, 2011 10:51 pm

Re: How to secure my NAS?

Unread post by Rusty1281 » Thu Jun 14, 2018 1:26 pm

It will be if you access your nas and services via https. Regarding your Drive problem, are you using your Drive address using your DDNS name or the NAS local IP address? If you are using DDNS inside the same LAN as your NAS it could be a probelm of nat loopback support on your router.
Synology DS918+ (4x4TB WD RED - RAID 5 with 2x250GB 960EVO NVMe) | Synology DS412+ (4x3TB WD RED - RAID 5) | RT1900AC

Symbionte
Trainee
Trainee
Posts: 15
Joined: Sat Mar 31, 2018 7:39 am

Re: How to secure my NAS?

Unread post by Symbionte » Thu Jun 14, 2018 8:58 pm

I was using the DDNS address, that works just fine in android apps or browser, just fails in Drive for Windows. True it is I was using DDNS inside the LAN, but also in the other apps and it worked. In any case I have tested from outside the lan, and got the same result.

sincarne
Virtuoso
Virtuoso
Posts: 1359
Joined: Wed Feb 15, 2017 9:57 pm

Re: How to secure my NAS?

Unread post by sincarne » Thu Jun 14, 2018 9:52 pm

Symbionte wrote:
Thu Jun 14, 2018 8:58 pm
I was using the DDNS address, that works just fine in android apps or browser, just fails in Drive for Windows. True it is I was using DDNS inside the LAN, but also in the other apps and it worked. In any case I have tested from outside the lan, and got the same result.
drive for windows use 6690 not DSM port. you open that?

Post Reply

Return to “Remote Access and Network Management”