• New Patreon Tier and Early Access Content available. If you would like to support AVForums, we now have a new Patreon Tier which gives you access to selected news, reviews and articles before they are available to the public. Read more.

Question How to secure my NAS?

goooober

Active Member
I put together my own little Xpenology NAS a few weeks ago and it was my first experience with proper home networking, i'd only ever setup a couple of routers before.

Being completely new to using Synology DSM and configuring both the NAS and connected devices i've had to follow a lot of guides as well as just blindly clicking buttons in order to setup DS Cloud Sync, Plex, Sabnzdb, Sonarr, Kodi etc etc.

My concern is that having made changes to permissions and opening ports in my router and allowing devices outside my network to connect to it (my brother's phone and laptop) I may have inadvertently left the NAS and/or the devices connected to it vulnerable. I thought i'd include a few screenshots of various settings i've changed in the process of trying to configure the NAS, installed packages, devices, router etc in case i've done some something obviously wrong.

Control Panel:

Iakla1b.jpg

Typical Shared Folder Options:

cxmqeGu.jpg

EXwNFad.png

0R3wAcv.png

File Services:

ibJNFg0.png

Control Panel > User:

b4v2Dry.png

Typical User Settings:

o4FeORY.png

PRHZS1i.png

tPlv1BU.png

Control Panel > Group

XmShxdn.png

ar1Pp3z.png

Control Panel > Network:

3JvlJlT

XOF9OQa.png

P1cavu5.png

Control Panel > Info Center

21KQcv6.png

Control Panel > Web Services

MdIfKE9.png

Router Port Forwarding (this was for Sab and Sonarr i believe)

dUV0WYj.png


Ok so that turned out to be a lot more screenshots than I thought i'd do, hopefully someone might given them a quick glance :)

Any other general advice would be most appreciated.

Thanks
 

bubblegum57

Well-known Member
On my synology, there is Security advisor, run that to start with, install anti virus package.
 

drummerjohn

Well-known Member
Antivirus won't stop hacking.

On DSM:
Create an Administrator account and then disable the default "admin" account.
Change default ports.

On your router:
Port triggering isn't the right method.
Port forwarding will specify which host on your LAN you want to send that port to.

If DSM https is on TCP 5001 then forward to YOUR_DSM_IP only.
OR
Don't change default ports on DSM and create a forwarding rule. Example for DSM Web - create a forwarding rule for port, say TCP 5050, and send to YOUR_DSM_IP as port TCP 5001.
So if you try to access your DSM externally (WAN side) youl have to put https://yourwanip:5050
 

The latest video from AVForums

Fidelity in Motion's David Mackenzie talks about his work on disc encoding & the future of Blu-ray
Subscribe to our YouTube channel
Support AVForums with Patreon

Top Bottom