-1
archive,tag,tag-security,tag-172,theme-stockholm,qode-social-login-1.1.2,qode-restaurant-1.1.1,stockholm-core-1.0.5,woocommerce-no-js,select-theme-ver-9.12,ajax_fade,page_not_loaded,,qode_menu_,qode-single-product-thumbs-below,wpb-js-composer js-comp-ver-5.7,vc_responsive

Basic Home Network Security – NAS (Part 2)

Basic NAS Security Guidelines

First of all with all the different models of NAS devices, we have put together a simple guide detailing key steps towards securing your NAS. It is impossible to give a one size fits all guide to securing your NAS. Instead, focus on learning these principles and the reasoning behind them. Once you learn what to look for and why, you can find specific instructions for your NAS from the manufacturer’s website.

 

NAS security guide
  1. Implement strong password security. …
  2. Ensure that NAS firmware is routinely updated. …
  3. Never use default admin accounts. …
  4. Secure your connection and ports. …
  5. Make use of your NAS firewall. …
  6. Enable DoS protection. …
  7. Use a VPN whenever you use your NAS

Admin Accounts and Passwords

Always change the default password for the administrator account. If possible, create a new administrator account with a different name and delete the default “admin” account, as brute-force attacks only work by repeatedly trying to guess the password for this account.

Enable SSL

When you access your NAS via the web interface, you should see “https://” at the beginning of your address bar along with a padlock, indicating your connection is encrypted. If this isn’t enabled by default, turn it on. Otherwise, your credentials are transmitted in the open and available to potential attackers.

Only Enable What’s Necessary

Your NAS can run various web apps that will be accessible over the net. Only enable what you need and if you open a port on your router to access your NAS from the Internet, make sure you are using a strong username and password. Consider enabling any filtering or auto-blocking features your NAS offers to eliminate brute-force login attempts.

Use a VPN

If your NAS can run a VPN server, you can use this when away from home to access your device securely. When you connect to the VPN, you’ll have access to your local area network (LAN). This means you only have to open up a port on your router for the VPN, greatly reducing the attack surface for your NAS.

Connecting to your NAS via a VPN is one of the best ways you can keep your NAS secure. Check the manufacturer’s website to learn how to set up a VPN on your specific device. Also make sure to check out our selection of best VPN providers as well as our overview of VPN reviews to get an idea of what’s available out there.

Following the guidelines above will increase the security of your setup, and they’re easy steps to implement. Now, we’ll look at some specific features offered in the various Synology and QNAP devices.

Securing a Synology NAS

Synology devices offer users several options to lock down their NAS and enhance security. We’ll start by removing the default account and creating a new one with a secure passphrase.

Create a New User

Step 1. Login to DiskStation Manager and from the main menu click “control panel” then click “users.”

Synology dashboard create user

Step 2. Click “create,” then click “create user.”

Step 3. Enter the username and password of your choice, then click “next.”

Step 4. Click the “add” checkbox to add your new user to the “administrators” group, then click “next.”

Step 5. Give the new administrator account access to all folders by ticking the “read/write” box, then click “next.” Click “next” again, unless you want to set a disk quota.

Step 6. Tick the “grant” box to give the new admin account access to applications, then click “next.”

Step 7. Click “next” at the to skip setting a speed limit, then click “apply.”

That’s it, you now have a new administrator and can proceed to disable the old admin account.

Disable the Admin Account

Step 1. Log out of the DSM and then log in with the newly created administrator account.

Step 2. From the main menu, go to “control panel” and click “users.”

Step 3. Click the “admin” account, then click “edit.”

Step 4. Tick the box for “disable this account” and click “ok.”

Now that we have a new administrator account and have disabled the old default account, let’s look at setting up two-step verification.

Two-Step Verification for Synology NAS

This process requires a mobile phone with an authenticator app installed, such as Google Authenticator. Install the app now before you continue. You’ll always need your phone when logging into DSM.

Enabling two-step verification means that an attacker attempting to access your account needs your password as well as your phone, greatly reducing the possibility of compromise.

Step 1. Click the user icon, then click “options.”

Step 2. Tick the “enable 2-step verification” to launch the wizard. Click “next.”

Step 3. Enter an email address in case your phone is lost. Click “next.”

Step 4. Open the authenticator app on your phone and scan the QR code displayed by the wizard. Click “next.”

Step 5. Enter the code generated by the authenticator app. Codes are updated periodically, so do this quickly before it expires. Click “next.”

Step 6. Click “close” and click “ok” to save your changes.

You’ll now be prompted to enter a verification code every time you log in to the DSM. While it may seem like a hassle at first, it only takes a few seconds and greatly increases the security of your NAS.

Enabling Auto-Block for Synology NAS

Lastly, we’ll enable auto-block. Attackers use automated tools to scan and exploit other computers, and by enabling auto-block we can blacklist the IP address of any attackers after a certain number of failures.

Step 1. From the main menu, click “control panel,” then click “security.”

Step 2. Click “auto-block,” then tick the box labeled “enable auto-block.”

Step 3. We’ll enter the number five for both “login attempts” and “within (minutes)” here, as this is a safe default.

Step 4. You can tick the box for “enable block expiration” if you want the block to expire after a certain number of days.

Step 5. Click “apply” to save your changes.

You can always edit the block list by going back to this screen and clicking “allow/block list.” Enabling auto-block, two-step authentication and creating a new administrator account are three simple steps towards enhancing the security of your NAS device. Check out Synology’s site for more information – https://www.synology.com/en-uk.

Secure a QNAP NAS

QNAP provides several features built-in that will strengthen the security of your device. Similar to Synology’s auto-block, QNAP offers “network access protection” to block repeated attacks against your NAS. We’ll also use QNAP’s built-in antivirus to keep your NAS clean of any nasty surprises.

Enabling Network Access Protection

Step 1. From the control panel, click “system settings.”

Step 2. Click “security” and click “network access protection.”

Step 3. Click “enable network access protection” and click “apply all.”

You can tick the box for each service that you’ve enabled on your NAS. In general, you should enable network access protection for each service you’ve enabled. Stopping automated attacks is as easy as turning this on.

Enable QNAP’s Antivirus

Step 1. From the control panel, click “applications.”

Step 2. Click “antivirus” and click “enable.”

Step 3. Tick the box for “check and update automatically…” and set the value to one day. Keeping your virus definitions updated ensures your antivirus doesn’t let new malware slip by.

QNAP offers a wealth of features, including SMS/email notifications of unusual activity, setting up your device as a VPN server and far more beyond the scope of this guide.

Check out QNap’s website for more information – https://www.qnap.com/en/.

Disclaimer:

1. Information within this article serves as a general information source only and we are not involved in giving professional advice here.

2. The Website may not cover all information available on a particular issue. Nothing contained on this article constitutes professional advice nor is it to be relied on when making any decision. The information or opinions discussed on this article may not be suitable for you and you should do your own checks or obtain professional advice relevant to your particular circumstances before relying on information found within this article.

3. While we try to ensure that information posted on this article is timely and accurate, sometimes inaccuracies may occur. All information is provided “as is” and without warranty of any kind. No warranty of any kind, implied, express or statutory, including but not limited to the warranties of non-infringement of third party rights, title, merchantability, satisfactory quality and/or fitness for a particular purpose, is given in relation this article and the materials and information within the article.

Home Network Security Basics – Starts with the Router (Part 1)

Home Network Security Principles

First things first, all you will need to secure your computer, NAS and server, with the login credentials for your router. It’s usually admin/admin or admin/password, unless you have changed it. Do you know that most people skip this very important step? Just make sure that you are not one of them!

Hackers just needs to Google all the router models, key in the “default password” and Voila! – they will gain access to your network in the blink of an eye. This is how easy it is for any one to gain direct access to your network. Securing your router and your home network greatly reduces the risk of your device and corresponding info from being compromised and accessed. You can further reduce the risk of a hack by following the basic security principles detailed below:

  • CHANGE out the default password
  • Do not click on any suspicious links in emails or anywhere else – especially if they require redirection to your local network, for example: http://192.168.x.x
  • Use random, alphanumeric passwords for both your router as well as all other devices
  • Update the firmware on your router or device regularly. Turn on automatic updates, where possible
  • Set routers for specified mac addresses, where possible

Following these simple security principles will go a long way towards keeping you safe online. Stopping any would-be attackers at the router level is the first and most important step towards securing your device.

Secure Your Router

Now, it is hard to provide a universal set of step-by-step guide given that there are tons of different routers out there but here is a general overview to get you started. Your router manufacturer should have a section on their website with instructions and details for your particular device.

You can login to your router by keying in the IP address in the address bar. Usually this is http://192.168.1.1 or something similar, but a quick search for your router model should pull up the information you need: the IP, default username and password.

Step 1. Login to your router and change the default password. If you have the option to change the username from “admin”, do so as well. Attackers use automated tools to scan networks, so changing “admin” to something else injects a little more ‘complexity’ to those attacks.

Step 2. Disable WPS if your router has this feature. Refrain from using WPS as it makes life much easier for hackers.

Step 3. Enable HTTPS login if that is available (NOTE: every device comes with a unique set of rules so it is impossible to offer a universal set of instructions). This encrypts your connection when accessing your router’s configuration page. Disable traditional HTTP and only use HTTPS whenever possible.

Step 4. Ensure remote access is disabled unless you know exactly what you are doing. Remote access allows you to login from anywhere and opens your device up for attack.

Step 5. Enable WPA2 encryption for your wireless network and select a long, random passphrase. Choose a passphrase that even the NSA are unable to crack, which means your name, birthdates, QWERTY, 12345678 are OUT, unfortunately.

Step 6. Update your router’s firmware. Enable automatic updating if your router supports it.

Step 7. Enable logging so that in the event something happens, you have a record to retrace and track the problem down.

This is pretty much it for router security basics. Now that you have locked your network down, securing your device will be up next.

Stay tuned.

Disclaimer:

1. Information within this article serves as a general information source only and we are not involved in giving professional advice here.

2. The Website may not cover all information available on a particular issue. Nothing contained on this article constitutes professional advice nor is it to be relied on when making any decision. The information or opinions discussed on this article may not be suitable for you and you should do your own checks or obtain professional advice relevant to your particular circumstances before relying on information found within this article.

3. While we try to ensure that information posted on this article is timely and accurate, sometimes inaccuracies may occur. All information is provided “as is” and without warranty of any kind. No warranty of any kind, implied, express or statutory, including but not limited to the warranties of non-infringement of third party rights, title, merchantability, satisfactory quality and/or fitness for a particular purpose, is given in relation this article and the materials and information within the article.