Hi! I'm new here and a general newbie in this world, and because of something out of my control I need to setup my NAS, a DS218+, in a way that I've never configured before.
Until now, I have used my NAS as a Backup and to store some personal data, music, videos and something else. I have always connected to it via the local IP address and a some times I have used Quickconnect to use applications when I was outside (also connected to a laptop with Synology Drive). I have also used the file sharing inside File Station, which I'm not entirely sure if it is Quickconnect or not.
So, a pretty basic use. I have tried my best to make it more secure, like disabling the admin/guest account, creating another administrator account with a different name, using for everyone a randomly generated long password and 2 step verification for everyone. I have never setup a DDNS, HTTPS or something like that. On Windows, I use the drive Z: as a drive network (I don't think is samba?).
The problem I'm facing right now is that a member of my family is moving out, but I still want to give an access to the NAS as always to this person. I have read a lot of things, and basically what I have understood is that setting up OpenVPN is the most secure option for me, but it also makes me confused about a lot of things.
First of all, I think I've understand that I need a domain. I have a very old domain registered to me, where I had a website. Now, the register was pretty basic, without SSL and such, so now I've requested it to move into Google Domains, as I thought it was pretty cheap and it offered an HTTPS connection. My issue is that this domain is still used as a personal website, and I really don't want strangers to discover my (sub?) domain (like synology.domain.com) to enter my NAS. This is making me unconfortable because I have sensitive data inside the NAS and I always tried my best to avoid data leak due to misconfiguration.
After the domain, I need to generate a certificate (Let's encrypt?) and I need to import it into the NAS. I don't actually understand how I should do it the right way.
Lastly, I have seen about the NAS' firewall. I have seen people configuring it with rules to blocking everyone outside my country, concede a full access to protocols and apps only to people connected inside my local network and blocking everyone else, but the firewall settings are pretty confusing and I can't figure out how I really should put those settings.
Basically this is the whole situation. It can be summed up with: I need to configure the NAS for external access, and I don't really know how to configure it the secure way.
I don't know if that can be useful, but my router is a Netgear R6400, with UPnP enabled.
I'm sorry for the long post and for the eventual grammatical horrors I have written here, and thanks in advance!
Until now, I have used my NAS as a Backup and to store some personal data, music, videos and something else. I have always connected to it via the local IP address and a some times I have used Quickconnect to use applications when I was outside (also connected to a laptop with Synology Drive). I have also used the file sharing inside File Station, which I'm not entirely sure if it is Quickconnect or not.
So, a pretty basic use. I have tried my best to make it more secure, like disabling the admin/guest account, creating another administrator account with a different name, using for everyone a randomly generated long password and 2 step verification for everyone. I have never setup a DDNS, HTTPS or something like that. On Windows, I use the drive Z: as a drive network (I don't think is samba?).
The problem I'm facing right now is that a member of my family is moving out, but I still want to give an access to the NAS as always to this person. I have read a lot of things, and basically what I have understood is that setting up OpenVPN is the most secure option for me, but it also makes me confused about a lot of things.
First of all, I think I've understand that I need a domain. I have a very old domain registered to me, where I had a website. Now, the register was pretty basic, without SSL and such, so now I've requested it to move into Google Domains, as I thought it was pretty cheap and it offered an HTTPS connection. My issue is that this domain is still used as a personal website, and I really don't want strangers to discover my (sub?) domain (like synology.domain.com) to enter my NAS. This is making me unconfortable because I have sensitive data inside the NAS and I always tried my best to avoid data leak due to misconfiguration.
After the domain, I need to generate a certificate (Let's encrypt?) and I need to import it into the NAS. I don't actually understand how I should do it the right way.
Lastly, I have seen about the NAS' firewall. I have seen people configuring it with rules to blocking everyone outside my country, concede a full access to protocols and apps only to people connected inside my local network and blocking everyone else, but the firewall settings are pretty confusing and I can't figure out how I really should put those settings.
Basically this is the whole situation. It can be summed up with: I need to configure the NAS for external access, and I don't really know how to configure it the secure way.
I don't know if that can be useful, but my router is a Netgear R6400, with UPnP enabled.
I'm sorry for the long post and for the eventual grammatical horrors I have written here, and thanks in advance!