So you just got your new Synology network-attached storage (NAS) device and uploaded terabytes of data on it. That’s great, but how do you secure it? The truth is, NAS devices are very interesting targets for hackers because they store sensitive information and are not always secured. Every brand has had its fair share of issues from ransomware attacks to virus infections. These attacks typically do not happen because of some software or hardware issue, but rather due to the owner’s inability to adopt appropriate security precautions. No single measure will guarantee complete security, but taking these steps will probably help you prevent 99% of potential attacks.

Step 1: Change default settings

Change default ports

Every Synology uses the same HTTP (5000) and HTTPS (5001) ports by default. This makes it very easy for an attacker to figure out where your DSM is hosted. Change these ports to any other number (e.g., 9876 / 9875) under Control Panel > Network > DSM Settings.

Figure: Changing default DSM ports

Create new admin account

Many NAS attacks are simple brute-force techniques – attackers try to guess your username and password. You can make it a lot more difficult by disabling the default admin account and creating a new admin account under a different username (e.g., peter_admin). You can do this under Control Panel > User.

It is also a recommended practice for admin to have a separate user account for everyday activities. This user account will be able to access files but does not have system admin privileges (in case your credentials get compromised, the attacker won’t be able to lock the whole system).

It is a good idea to have 2FA enabled for all of your online accounts and it is definitely a good idea to have this enabled for your NAS. If attackers somehow guess or steal your password, they would still need the 6-digit OTP code (typically stored in some mobile app) to get access to your NAS. You can do this under Options (silhouette icon in the top right corner) > Personal > Enable 2-step verification. Currently, OTP is the only option in DSM 6, but this area is getting a lot of attention and improvements in the upcoming release of DSM 7.

QuickConnect is a smart function that makes your Synology NAS reachable using a simple QuickConnect ID. While it might increase convenience for you, I would strongly recommend against using this setting, because it also makes it easier for attackers (e.g., simply by guessing your QuickConnect ID). In my opinion, DDNS provides similar functionality with a lot less security risk. You can disable QuickConnect under Control Panel > QuickConnect.

Figure: QuickConnect configuration

Enable auto-block and account protection

Finally, enable two additional security features that will significantly lower the chances of any brute-force attack. Both settings are available under Control Panel > Security > Account. Auto-block allows you to blacklist any IP address that reaches a certain number of failed logins. Similarly, account protection can lock accounts for a specified time due to failed logins.

Figure: Auto-block settings

Step 2: Configure your network

Disable port forwarding