Info Digital Security Assessment Checklist


Rusty

Moderator
NAS Support
2,486
746
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS

jeyare

Subscriber
1,609
543
Really good job
@SynoMan - save it pls. as a resource for NAS newbies

Question - how to calculate the full score when:
- I don't have IoT devices or SRM in use
- also for my 3-2-1 backup scheme, where I don't like to use public cloud providers
- I don't like automatic updates of DSM, because of past experiences :)
 

SynoMan

Administrator
Moderator
Founder
Done:
 

fredbert

Moderator
NAS Support
Subscriber
1,700
692
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
I'd lean towards DNS over TLS rather than HTTPS.

Look at the items as a checklist that you consider and decide the best policy for your environment. Provided you have a valid reason for doing something different, then that can be considered as meeting the requirement with N/A. For example:

  • Backup external drives using USB Copy ... nope, I use CCC to back up external drives that are connected to Macs to other non-NAS destinations.
  • IoT ... I don't consider I have any.
  • RDP ... that's a Windows protocol and not applicable in Mac environment.
  • Snapshot Replication... IIRC that needs Btrfs, so not applicable for NAS with only Ext4 drives.
  • Automatic software updates ... nope. By all means check for updates but you should decide when to update. What happens if the update channel gets compromised?

Maybe a check that NAS admin accounts can only log in from permitted subnets? Especially for the DSM portal itself. You can VPN in (doesn't need to be the admin account for VPN) and then log in to an admin account.
SSH limited from permitted subnets?
Separate SSH and SFTP ports?

The old ITSEC criteria provided for weaker technical mechanisms being enhanced through physical environment controls. These criteria, along with TCSEC, formed the basis of the Common Criteria.
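
An added example, not part of fredbert's post or of the Synology checklist: one way to audit the "admin accounts only from permitted subnets" item is to scan SSH login records for successful admin logins from other sources. The subnets, the admin account names and the OpenSSH-style log lines below are constructed assumptions; DSM's own log format may differ.

```python
import ipaddress
import re

# Assumption: subnets from which admin logins are expected (LAN and VPN pool).
PERMITTED_SUBNETS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "10.8.0.0/24")]
# Assumption: names of the accounts with administrator rights on the NAS.
ADMIN_ACCOUNTS = {"admin", "nasadmin"}

# OpenSSH sshd success line: "Accepted <method> for <user> from <source> port <n> ssh2"
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port (\d+)")

# Constructed sample log lines (documentation address ranges), not real data.
# The last line carries a malformed source field to exercise the fail-closed path.
SAMPLE_LOG = """\
Mar  3 09:12:01 nas sshd[2211]: Accepted publickey for nasadmin from 192.168.1.20 port 50122 ssh2
Mar  3 09:40:17 nas sshd[2304]: Accepted password for admin from 203.0.113.45 port 41810 ssh2
Mar  3 10:02:55 nas sshd[2410]: Accepted password for media from 198.51.100.7 port 39001 ssh2
Mar  3 10:15:09 nas sshd[2477]: Failed password for admin from 203.0.113.45 port 41822 ssh2
Mar  3 11:30:44 nas sshd[2590]: Accepted publickey for admin from 10.8.0.6 port 60210 ssh2
Mar  3 11:31:02 nas sshd[2591]: Accepted password for admin from not-an-ip port 1 ssh2
"""

def is_permitted(addr, subnets=PERMITTED_SUBNETS):
    """True if addr parses as an IP address and lies inside one of the subnets."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparseable source: treat as not permitted
    return any(ip in net for net in subnets if net.version == ip.version)

def admin_logins_outside_policy(log_text):
    """Return (user, source, method) for each successful admin login from a non-permitted source."""
    findings = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m:
            continue  # failed attempts and unrelated lines are out of scope here
        method, user, source = m.group(1), m.group(2), m.group(3)
        if user in ADMIN_ACCOUNTS and not is_permitted(source):
            findings.append((user, source, method))
    return findings

if __name__ == "__main__":
    for user, source, method in admin_logins_outside_policy(SAMPLE_LOG):
        print(f"admin login outside permitted subnets: {user} from {source} ({method})")
```

Non-admin logins from outside the permitted subnets are deliberately not reported, which matches the suggestion that the VPN account need not be the admin account.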
 

Rusty

Aaaa that PDF. Dohhhh.
 

fredbert

Not me either.
 

jeyare

Here is the official answer from Syno support:

Dear customer,

thank you for your inquiry with Synology and we will gladly assist you. The document has been updated and already prepared for the upcoming DSM version.

The link has changed, the document is now directly available here. https://global.download.synology.co.../enu/Digital_Asset_Security_Checklist_enu.pdf

Since the link may change again when updated, it is better to search for the document in the download area, for example using the search term 'digital'.

Synology Inc.
 

SynoMan

@SynoMan - make it pls available as independent Security resource, thx
Thanks again, @jeyare. Here it is:
 
