Data protect and backup on Synology

Currently reading
Data protect and backup on Synology

6
0
NAS
Synology DS920+
Operating system
  1. Windows
Mobile operating system
  1. iOS
Good evening,


I am an old Qnap user and I was victim of a Ramsonware ech0raix attack that encrypted all my nas data. Fortunately I had an external drive where I mirrored the data on a weekly basis. The climax was that the automatic backup I was doing on this disk was activated after the data encryption, so the backup station started copying the encrypted data to the external disk, eliminating the original ones. By a miracle the backup failed shortly after it started and I saved pretty much everything.

So I decided to invest what I saved in data redemption (those crap wanted € 1350) in buying a new Nas and I chose a Synology DS920 +, currently with only a 4tb WD red Pro drive.

I am writing here today to ask you what I can improve to avoid unpleasant problems in the future. I will list the solutions I have implemented at the moment and I kindly ask you to tell me what I can improve to make the data even more secure.

1) On the Synology I have activated firewall and automatic block for excessive login attempts.
2) The Nas Qnap I initialized it (formatted infected drive with various anti malware that identified and removed the malware). On the initialized nas I have installed practically nothing and I deactivated qnapcloud to access remotely, disabled admin account by creating new administrator user, deactivated upnp, activated automatic block for excessive access attempts, deactivated ftp, telnet and dlna.

Backup

Regarding the backups I have set this:
1) Single copy rsync backup from synology to Qnap via network. In practice, a mirror copy of the data carried out once a week.
2) Backup on external hard disk not single copy with smart recycle rotation always once a week. The backup cannot be consulted except through hyperbakcup explorer and if I understand correctly it keeps me different versions of the data over time.
3) Activated Snapshot on the most important folders with advanced retention policy.

I think I have told you everything I have done so far. What else do you recommend?

Thank you
 

Telos

Subscriber
2,344
762
NAS
DS418play, DS213j, DS3622+, DSM 7.1.4-11091
What else do you recommend?
There are many security choices. The first is... set up a user account for yourself. Do not use the administrator account for day-to-day NAS activities (file storage, streaming, sharing, contacts, calendaring, etc).
 
6
0
NAS
Synology DS920+
Operating system
  1. Windows
Mobile operating system
  1. iOS
2) The Nas Qnap I initialized it (formatted infected drive with various anti malware that identified and removed the malware). On the initialized nas I have installed practically nothing and I deactivated qnapcloud to access remotely, disabled admin account by creating new administrator user, deactivated upnp, activated automatic block for excessive access attempts, deactivated ftp, telnet and dlna.
thanks @Telos for reply. The things you suggest me i think that i have just done. Right?

Other things i can do?
 

Telos

Subscriber
2,344
762
NAS
DS418play, DS213j, DS3622+, DSM 7.1.4-11091
The things you suggest me i think that i have just done. Right?
You only stated creating a new administration account. That was not what I pointed out. The administration account should only be used for NAS administration, not for your day-to-day NAS interactions. Create a USER account for that. This is basic for Synology or QNAP.

Then run Security Advisor will all options checked. Search the Synology Knowledge Center for additional recommended security settings.
 
6
0
NAS
Synology DS920+
Operating system
  1. Windows
Mobile operating system
  1. iOS
You only stated creating a new administration account. That was not what I pointed out. The administration account should only be used for NAS administration, not for your day-to-day NAS interactions. Create a USER account for that. This is basic for Synology or QNAP.

Then run Security Advisor will all options checked. Search the Synology Knowledge Center for additional recommended security settings.
Ok maybe I have not understand.



As you can see I disable "admin" user. Then I created another user with different "nickname" and give it administrator authorization. Is this what you are suggesting me?

With "Security advisor" you mean that?


thanks
 
Hello mtguido,

a video with different information on how to protect your data against ransomware was uploaded by synology. You can find it here.

I also recommend to use the checklist which was uploaded to the forum, to increase the security in general and see if you can check and / or uncheck some points.

Best regards,
Schewa
 

Telos

Subscriber
2,344
762
NAS
DS418play, DS213j, DS3622+, DSM 7.1.4-11091
Then I created another user with different "nickname" and give it administrator authorization. Is this what you are suggesting me?
No, create a separate user without administrator authorization. Use that one for your personal needs.

With "Security advisor" you mean that?
Look at your installed packages. You should see one labeled Security Advisor. Run that with all feature checks selected.
 
6
0
NAS
Synology DS920+
Operating system
  1. Windows
Mobile operating system
  1. iOS
No, create a separate user without administrator authorization. Use that one for your personal needs.


Look at your installed packages. You should see one labeled Security Advisor. Run that with all feature checks selected.
I don't use Qnap Nas more. I use it also as remote rsync backup from Synology. In Rsync setup on Qnap i created a specific username for login from synology and make backup.



Those are the only packages I have installed on Qnap. I can't found "security advisor", maybe my snap is too old for this application.
 
6
0
NAS
Synology DS920+
Operating system
  1. Windows
Mobile operating system
  1. iOS
Last edited:
I thought you wanted help securing your Synology NAS. Security Advisor is a Synology package. Apparently my comments have been unclear, so I will stop here.
Your comments are not unclear. Understand that i am not expert as you. Otherwise i thinked that you are talking about my qnap not about my synology. Now i go search for security advisor for synology.
-- post merged: --

Look at your installed packages. You should see one labeled Security Advisor. Run that with all feature checks selected.
Ok now I understand what are you talking about. I just activate security advisor, i can't remember that the name was it.



What do you think about how I have set my backups?

Backup

Regarding the backups I have set this:
1) Single copy rsync backup from synology to Qnap via network. In practice, a mirror copy of the data carried out once a week.
2) Backup on external hard disk not single copy with smart recycle rotation always once a week. The backup cannot be consulted except through hyperbakcup explorer and if I understand correctly it keeps me different versions of the data over time.
3) Activated Snapshot on the most important folders with advanced retention policy.
 
6
0
NAS
Synology DS920+
Operating system
  1. Windows
Mobile operating system
  1. iOS
Last edited:
Seems reasonable. But I like extended rotation (2-3 years). If one week works for you, that is fine.
No maybe I explain it bad. The backup that in set in my external usb hard drive start once a week. The rotation setted for this kind of backup is “Smart recycle” that make various copy of each day, last of each week and last of each month.



Also i have a backup on the old qnap made by rsync in the single version method. So is a mirror copy of data. Also this kind of backup is setted once a week.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Solved
Thank you @Rusty. Seems pretty straight forward. Time to find a NAS. To everyone else, thank you taking...
Replies
7
Views
463
  • Question
LOL!! Glad you found the source of the problem. :LOL:
Replies
8
Views
664
https://kb.synology.com/en-us/DSM/tutorial/How_to_migrate_between_Synology_NAS_DSM_6_0_and_later
Replies
5
Views
871
BACKGROUND I am not a command line/console guy, and there are times where one needs to jump in and figure...
Replies
0
Views
900
Absolutely, as stated, I read the article before. The reason for me asking in the forum is because I don't...
Replies
10
Views
1,100
Yea, that was my initial thought. I think I will enable it. I'm sure there's a downside but, you know...
Replies
3
Views
4,839

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Top