The Synology Diskstation is a great tool for backing up your files and acting as a central media storage device.
Since it will host so much important data, securing it properly is of paramount importance. Here’s some good practices to follow in order to achieve a very good level of security:
- Enable autoblock. E.g. 3 tries in 60 minutes.
- Change the default ports for HTTP and HTTPS.
- Set up an SSL certificate and force use HTTPS on all connections.
- Enforce strong passwords for all users.
- Disable QuickConnect.
- No port forwarding on the router. You can map the NAS to an IP locally so it doesn’t change when it reboots.
- Disable the regular admin account and created a new one.
- Create a regular user account for yourself to use with QuickConnect (if you decide to use it) as well as locally, and only use the new admin account for administration when needed in DSM.
Any other tips that you know about?
![]()
Janos Biro says
May 11, 2019 at 8:55 pmHi,
Great post, thanks!
I would also suggest enabling 2 factor authentication, as additional security layer,
However I do not really get the point of this one…
“No port forwarding on the router. You can map the NAS to an IP locally so it doesn’t change when it reboots.”
How else am I supposed to use File Station, Download Station, Audio Station etc? Setting up VPN to listen to some music from my NAS seems a bit of an overkill to me.
Regards,
Janos
![]()
Andrzej Browarski says
January 3, 2019 at 11:41 pmHi, great post – already applied most of your tips. Can you explain, however, this one:
No port forwarding on the router. You can map the NAS to an IP locally so it doesn’t change when it reboots.
![]()
Sid123 says
June 6, 2018 at 1:47 pmHi, Nice post
Synology DiskStation can be used in homes and institutions to store large amounts of data in a central location. Users can access this information through a local area network (LAN). The idea is to provide a single file copy for multiple users.
Thanks for sharing.
Jean Paul Gatt says
March 1, 2018 at 11:53 amForget remote access without VPN. Too risky.
![]()
Joe Cilia says
March 1, 2018 at 10:42 amAgreed Jean however without a fixed IP disabling Quickconnect does not allow for remote access. Being using Synology for 3 years now and very satisfied
cheers
Joe
![]()
Jean says
March 1, 2018 at 10:53 amThat’s correct, Quickconnect is the easiest way to access the Synology remotely. I will also be looking into VPNs as a potential alternative.