The Synology Diskstation is a great tool for backing up your files and acting as a central media storage device.
Since it will host so much important data, securing it properly is of paramount importance. Here’s some good practices to follow in order to achieve a very good level of security:
- Enable autoblock. E.g. 3 tries in 60 minutes.
- Change the default ports for HTTP and HTTPS.
- Set up an SSL certificate and force use HTTPS on all connections.
- Enforce strong passwords for all users.
- Disable QuickConnect.
- No port forwarding on the router. You can map the NAS to an IP locally so it doesn’t change when it reboots.
- Disable the regular admin account and created a new one.
- Create a regular user account for yourself to use with QuickConnect (if you decide to use it) as well as locally, and only use the new admin account for administration when needed in DSM.
Any other tips that you know about?
Hi,
Great post, thanks!
I would also suggest enabling 2 factor authentication, as additional security layer,
However I do not really get the point of this one…
“No port forwarding on the router. You can map the NAS to an IP locally so it doesn’t change when it reboots.”
How else am I supposed to use File Station, Download Station, Audio Station etc? Setting up VPN to listen to some music from my NAS seems a bit of an overkill to me.
Regards,
Janos
Hi, great post – already applied most of your tips. Can you explain, however, this one:
No port forwarding on the router. You can map the NAS to an IP locally so it doesn’t change when it reboots.
Hi, Nice post
Synology DiskStation can be used in homes and institutions to store large amounts of data in a central location. Users can access this information through a local area network (LAN). The idea is to provide a single file copy for multiple users.
Thanks for sharing.
Forget remote access without VPN. Too risky.
Agreed Jean however without a fixed IP disabling Quickconnect does not allow for remote access. Being using Synology for 3 years now and very satisfied
cheers
Joe
That’s correct, Quickconnect is the easiest way to access the Synology remotely. I will also be looking into VPNs as a potential alternative.
Actually with DDNS, you can use a VPN reliably without your router having a fixed IP address. (your VPN client configuration can use the DDNS name rather than IP address)
Either run OpenVPN on your router, or on the NAS and port forward from your router. Note if you choose the latter, the NAS should have a static IP address.
Also, nix UPnP on your router. No need to let devices in hour house decide what ports they need open for the outside world to connect to without your knowing.