Jean Galea

Health, Wealth & Happiness

  • Start Here
  • About
  • Investing
    • Cryptoassets
    • P2P Lending
    • Real estate
  • Podcast
  • Search

🛡️ How to Secure a Synology Diskstation

Last updated: April 01, 20207 Comments

The Synology Diskstation is a great tool for backing up your files and acting as a central media storage device.

Since it will host so much important data, securing it properly is of paramount importance. Here’s some good practices to follow in order to achieve a very good level of security:

  • Enable autoblock. E.g. 3 tries in 60 minutes.
  • Change the default ports for HTTP and HTTPS.
  • Set up an SSL certificate and force use HTTPS on all connections.
  • Enforce strong passwords for all users.
  • Disable QuickConnect.
  • No port forwarding on the router. You can map the NAS to an IP locally so it doesn’t change when it reboots.
  • Disable the regular admin account and created a new one.
  • Create a regular user account for yourself to use with QuickConnect (if you decide to use it) as well as locally, and only use the new admin account for administration when needed in DSM.

Any other tips that you know about?

Filed under: Tech

Related

About Jean Galea

Jean Galea is a dad, amateur padel player, host of the Mastermind.fm podcast, investor and entrepreneur.

Comments

  1. Janos Biro says

    May 11, 2019 at 8:55 pm

    Hi,

    Great post, thanks!

    I would also suggest enabling 2 factor authentication, as additional security layer,

    However I do not really get the point of this one…
    “No port forwarding on the router. You can map the NAS to an IP locally so it doesn’t change when it reboots.”

    How else am I supposed to use File Station, Download Station, Audio Station etc? Setting up VPN to listen to some music from my NAS seems a bit of an overkill to me.

    Regards,
    Janos

    Reply
  2. Andrzej Browarski says

    January 3, 2019 at 11:41 pm

    Hi, great post – already applied most of your tips. Can you explain, however, this one:

    No port forwarding on the router. You can map the NAS to an IP locally so it doesn’t change when it reboots.

    Reply
  3. Sid123 says

    June 6, 2018 at 1:47 pm

    Hi, Nice post
    Synology DiskStation can be used in homes and institutions to store large amounts of data in a central location. Users can access this information through a local area network (LAN). The idea is to provide a single file copy for multiple users.
    Thanks for sharing.

    Reply
  4. Jean Paul Gatt says

    March 1, 2018 at 11:53 am

    Forget remote access without VPN. Too risky.

    Reply
  5. Joe Cilia says

    March 1, 2018 at 10:42 am

    Agreed Jean however without a fixed IP disabling Quickconnect does not allow for remote access. Being using Synology for 3 years now and very satisfied

    cheers
    Joe

    Reply
    • Jean says

      March 1, 2018 at 10:53 am

      That’s correct, Quickconnect is the easiest way to access the Synology remotely. I will also be looking into VPNs as a potential alternative.

      Reply
    • Charles Borlase says

      September 13, 2020 at 7:54 pm

      Actually with DDNS, you can use a VPN reliably without your router having a fixed IP address. (your VPN client configuration can use the DDNS name rather than IP address)

      Either run OpenVPN on your router, or on the NAS and port forward from your router. Note if you choose the latter, the NAS should have a static IP address.

      Also, nix UPnP on your router. No need to let devices in hour house decide what ports they need open for the outside world to connect to without your knowing.

      Reply

Leave a Reply Cancel reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords or links in the name field.

Latest Padel Match

Jean Galea

Investor | Dad | Global Citizen | Athlete.

Follow @jeangalea

  • Padel
  • Affiliate Disclaimer
  • Cookies
  • Contact

Copyright © 2021 · Hosted at Kinsta · Built on the Genesis Framework