Info Digital Security Assessment Checklist


jeyare

Really good job
@SynoMan - save it pls. as Resource for NAS newbies

question - how to calculate the full score, when:
- I don't have IoT devices or SRM in use
- also for my 3-2-1 backup scheme, where I don't like to use public cloud providers
- I don't like automatic updates of DSM, because of past experiences :)
 

SynoMan

Done:
 

fredbert

I'd lean towards DNS over TLS rather than HTTPS.

Look at the items as a checklist that you consider and decide the best policy for your environment. Provided you have a valid reason for doing something different, then that can be considered as meeting the requirement with N/A. For example:

  • Backup external drives using USB Copy ... nope, I use CCC to back up external drives that are connected to Macs to other non-NAS destinations.
  • IoT ... I don't consider I have any.
  • RDP ... that's a Windows protocol and not applicable in Mac environment.
  • Snapshot Replication... IIRC that needs Btrfs, so not applicable for NAS with only Ext4 drives.
  • Automatic software updates ... nope. By all means check for updates but you should decide when to update. What happens if the update channel gets compromised?
Maybe a check that NAS admin accounts can only log in from permitted subnets? Especially for the DSM portal itself. You can VPN in (doesn't need to be the admin account for VPN) and then log in to an admin account.
SSH limited from permitted subnets?
Separate SSH and SFTP ports?

The old ITSEC criteria provided for weaker technical mechanisms being enhanced through physical environment controls. These criteria, along with TCSEC, formed the basis of the Common Criteria.
 

jeyare

here is the official answer from Syno support:

Dear customer,

thank you for your inquiry with Synology and we will gladly assist you. The document has been updated and already prepared for the upcoming DSM version.

The link has changed, the document is now directly available here. https://global.download.synology.co.../enu/Digital_Asset_Security_Checklist_enu.pdf

Since the link may change again when updated, it is better to search for the document in the download area, for example using the search term 'digital'.

Synology Inc.
 
