Info Digital Security Assessment Checklist

Really good job.
@SynoMan - save it, please, as a resource for NAS newbies.

Question - how do I calculate the full score when:
- I don't have any IoT devices or SRM in use
- also for my 3-2-1 backup scheme, where I don't like to use public cloud providers
- I don't like automatic updates of DSM, because of past experiences :)
I'd lean towards DNS over TLS rather than HTTPS.

Look at the items as a checklist that you consider and then decide the best policy for your environment. Provided you have a valid reason for doing something different, that can be considered as meeting the requirement with N/A. For example:

  • Backup external drives using USB Copy ... nope, I use CCC to back up external drives that are connected to Macs to other non-NAS destinations.
  • IoT ... I don't consider I have any.
  • RDP ... that's a Windows protocol and not applicable in a Mac environment.
  • Snapshot Replication ... IIRC that needs Btrfs, so not applicable for a NAS with only Ext4 volumes.
  • Automatic software updates ... nope. By all means check for updates, but you should decide when to update. What happens if the update channel gets compromised?
Maybe a check that NAS admin accounts can only log in from permitted subnets? Especially for the DSM portal itself. You can VPN in (it doesn't need to be the admin account for VPN) and then log in to an admin account.
SSH limited to permitted subnets?
Separate SSH and SFTP ports?

The old ITSEC criteria provided for weaker technical mechanisms being enhanced through physical environment controls. These criteria, along with TCSEC, formed the basis of the Common Criteria.
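The "admin accounts only from permitted subnets" check suggested above can also be verified after the fact against the login log. The script below is an added example, not code from this thread or from Synology: it assumes OpenSSH-style "Accepted ... for USER from IP" lines (constructed here), an assumed admin account name, and assumed LAN and VPN subnets, and flags every successful admin login from anywhere else.

```python
import ipaddress
import re

# Constructed sshd-style auth log lines; not taken from any real system.
SAMPLE_LOG = """\
Mar  3 10:01:12 nas sshd[1201]: Accepted publickey for admin from 192.168.10.25 port 51022 ssh2: ED25519 SHA256:aaaa
Mar  3 10:05:40 nas sshd[1233]: Accepted password for alice from 192.168.10.40 port 51310 ssh2
Mar  3 11:17:03 nas sshd[1302]: Accepted publickey for admin from 10.8.0.6 port 40112 ssh2: ED25519 SHA256:aaaa
Mar  3 23:42:55 nas sshd[1477]: Accepted password for admin from 203.0.113.77 port 60231 ssh2
Mar  3 23:43:10 nas sshd[1480]: Failed password for admin from 203.0.113.77 port 60240 ssh2
"""

# Assumed policy: accounts with admin rights may only log in from the LAN
# (192.168.10.0/24) or the VPN client subnet (10.8.0.0/24).
ADMIN_ACCOUNTS = {"admin"}
PERMITTED_ADMIN_NETS = [
    ipaddress.ip_network("192.168.10.0/24"),
    ipaddress.ip_network("10.8.0.0/24"),
]

# Only successful logins matter for this check; "Failed ..." lines are ignored.
ACCEPTED_RE = re.compile(
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)


def admin_logins_outside_subnets(log_text, admin_accounts=ADMIN_ACCOUNTS,
                                 permitted=PERMITTED_ADMIN_NETS):
    """Return (user, source_ip, auth_method) for every successful login by an
    admin account whose source address is not inside a permitted subnet."""
    findings = []
    for line in log_text.splitlines():
        m = ACCEPTED_RE.search(line)
        if not m or m["user"] not in admin_accounts:
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            # An unparseable source address is itself worth looking at.
            findings.append((m["user"], m["ip"], m["method"]))
            continue
        if not any(src in net for net in permitted):
            findings.append((m["user"], m["ip"], m["method"]))
    return findings


if __name__ == "__main__":
    for user, ip, method in admin_logins_outside_subnets(SAMPLE_LOG):
        print(f"ALERT: {user} logged in via {method} from {ip} (outside permitted subnets)")
```

On the sample above only the late-night password login from 203.0.113.77 is reported; the LAN and VPN logins and the non-admin user pass.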
 
Here is the official answer from Syno support:

Dear customer,

Thank you for your inquiry with Synology; we will gladly assist you. The document has been updated and is already prepared for the upcoming DSM version.

The link has changed; the document is now directly available here: https://global.download.synology.co.../enu/Digital_Asset_Security_Checklist_enu.pdf

Since the link may change again when it is updated, it is better to search for the document in the download area, for example using the search term 'digital'.

Synology Inc.
SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.