Are you one of those we have convinced to choose a NAS for your home automation? So much better! As we have seen recently, a network storage server has many advantages, particularly that of operating locally.
Nevertheless, we are tempted to expose it a little on the Internet to access it from everywhere. Unfortunately, this is not without risks, as we saw last summer with a massive brute-force attack on Synology or, even worse, with the Trojan that reset some Western Digital NAS devices. Today we invite you to follow these 10 tips to secure your Synology NAS.
Secure Access To Your Synology NAS
Although our guide is not exhaustive, these 10 steps to secure a Synology NAS will be enough to use your NAS remotely with confidence. Whether you use Domoticz, Jeedom, or Home Assistant, these good practices will allow you to keep your connected home private.
Disable Admin Account
The first thing to do on a Synology NAS is to disable the default “admin” account. We advise you to create a second one with full administrative rights but a different name. Forget “admin,” “administrators,” “sysadmin,” “nodules,” “first name,” and “name123,” and choose strong identifiers!
Choose Strong Identifiers
It’s basic, but many still need to improve their credentials. It is customary to recommend a password with a minimum of 8 characters, including uppercase, lowercase, numbers, and special characters. Still, you can go further with 12 to 15 characters and choose complex usernames. This is valid for all accounts, and we will also make it mandatory. If you have trouble remembering your passwords, use a password manager like Dashlane, LastPass, or WordPress.
Set Up Double Authentication (2FA)
Double authentication (2FA) has become essential, and Synology offers a dedicated application called Secure SignIn. Use it without moderation!
Protecting Your Synology Account
Still on the same screen, just below, DSM can detect connection failures that are too frequent to be normal. Tick this option to protect your Synology accounts, and therefore your NAS, from attacks by unwanted clients.
Enable The Firewall
As on your computer, a firewall is essential to protect your Synology NAS properly. This firewall allows you to define more or less strict access rules, authorize or refuse the connection to certain services, block unwanted IP addresses, or limit access to addresses of your choice.
Automatic Blocking And DoS Protection
It is the counterpart of the firewall, another essential option that automatically blocks addresses making too many connection attempts. Below DSM 7, we invite you to activate the DoS protection, which protects you from denial-of-service (DoS) attacks.
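To make the automatic-blocking rule concrete, here is an added example (not Synology's code) that applies a "too many failures within a time window" rule to login records. The log format, the sample lines and the default thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format, not real DSM output).
SAMPLE_LOG = """\
2024-05-01 10:00:05 FAIL user=admin ip=203.0.113.7
2024-05-01 10:00:09 FAIL user=root ip=203.0.113.7
2024-05-01 10:00:15 OK user=alice ip=192.168.1.20
2024-05-01 10:00:21 FAIL user=admin ip=203.0.113.7
2024-05-01 10:01:02 FAIL user=alice ip=192.168.1.20
2024-05-01 10:02:40 FAIL user=test ip=203.0.113.7
2024-05-01 10:03:10 FAIL user=guest ip=203.0.113.7
2024-05-01 10:30:00 FAIL user=bob ip=198.51.100.4
2024-05-01 11:45:00 FAIL user=bob ip=198.51.100.4
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, status, user, ip)."""
    date, clock, status, user, ip = line.split()
    ts = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
    return ts, status, user.split("=", 1)[1], ip.split("=", 1)[1]


def auto_block(log_text, max_attempts=5, window_minutes=5, allow_list=()):
    """Return {ip: time_of_block} for addresses that reach max_attempts
    failed logins within window_minutes. Thresholds are assumed values."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, status, _user, ip = parse_line(line)
        # Successful logins, allow-listed and already-blocked IPs are skipped.
        if status != "FAIL" or ip in allow_list or ip in blocked:
            continue
        attempts = recent[ip]
        attempts.append(ts)
        # Drop failures that fell out of the sliding window.
        while ts - attempts[0] > window:
            attempts.popleft()
        if len(attempts) >= max_attempts:
            blocked[ip] = ts
    return blocked


if __name__ == "__main__":
    for ip, when in auto_block(SAMPLE_LOG).items():
        print(f"block {ip} at {when}")
```

A single mistyped password from a LAN client, or two failures more than an hour apart, never reach the threshold, which is why a short window with a low attempt count blocks guessing without locking out legitimate users.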
Enable HTTPS
When HTTPS is enabled, connections are encrypted using SSL/TLS, which secures access to your Synology NAS. You can also change the default ports, which are prime targets, to reduce the number of malicious login attempts.
Disable SSH And Telnet
Although we use it regularly in our DIY home automation tutorials, in particular with Home Assistant and Jeedom, we strongly advise you to disable SSH when you are not using it. The default ports are prime targets. Feel free to change them when you re-enable them. Similarly, you can disable Telnet or the AFP file service.
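To verify these settings from another machine on your own network, the added example below (not taken from Synology or from the original article) checks whether the services discussed here still answer on their default ports. Ports 22, 23 and 548 are the standard SSH, Telnet and AFP ports and 5000 is DSM's default HTTP port; the address `192.168.1.10` is a placeholder for your NAS.

```python
import socket
import sys

# Default ports of the services this guide suggests disabling or moving.
SERVICES = {
    22: ("SSH", "disable when not in use, or move it off the default port"),
    23: ("Telnet", "disable it"),
    548: ("AFP", "disable it if you do not use this file service"),
    5000: ("DSM over HTTP", "enable HTTPS so that access is encrypted"),
}


def is_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) or unreachable: treat as closed.
        return False


def audit(host, services=SERVICES, timeout=1.0):
    """Return (port, service, advice) for every listed port that answers."""
    return [
        (port, name, advice)
        for port, (name, advice) in sorted(services.items())
        if is_open(host, port, timeout)
    ]


if __name__ == "__main__":
    # Placeholder address: pass your own NAS address as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.10"
    findings = audit(host)
    for port, name, advice in findings:
        print(f"{host}:{port} is open ({name}): {advice}")
    if not findings:
        print(f"{host}: none of the checked default ports answered")
```

Run it again after each change in DSM; a port that still answers means the service is still enabled or still on its default port.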
Enable QuickConnect
Now that we have blocked everything, we must keep a way to connect to our NAS from the Internet. To do this, Synology offers a service called QuickConnect. It is the simplest solution to access your NAS and its applications remotely without having to embark on a more specific configuration requiring intervention on your router or box. How does it work? Your NAS will connect to “Synology Relay Server,” a free cloud service that acts as an intermediary between your client and your server. There are better-performing options, it’s true, but it’s a simple and effective solution.
Keep Your System Up To Date
Although we mention it last, it is perhaps the first thing to do! Keeping your system up to date is the first security measure. Indeed, in addition to new features, updates frequently bring security patches.
Other Safety Recommendations
In the meantime, you can:
- Empower Security Guide: Security Consultant is a DSM-incorporated application that examines your Synology NAS, looks at your settings, and cautions you about security shortcomings. An extremely valuable instrument that permits you to imagine initially
- Keep your apps updated: whether Home Assistant, Jeedom, Mosquitto MQTT, Zigbee2MQTT, or any DSM package, update as soon as possible (except maybe for Home Assistant… ).
- Install an antivirus: although your NAS is now secure, you could sometimes host infected files there. Synology offers two antiviruses, a free one called Antivirus Essential and a paid one called Antivirus by McAfee; why deprive yourself of it? As far as we are concerned, we are satisfied with the first one, which, a priori, fulfills its role perfectly. You can find them in the Package Center by typing “antivirus.”
- Configure a VPN on Synology NAS: this is the most secure way to access your NAS and other devices on your network from outside…