Hello
I am very new here and have already found some information. I have been using Synology NAS since 2015.
In Docker runs an application that must be accessible from the outside via HTTPS and ReversProxy (port forwarding 443). This means that anyone who knows the DynDNS address can access the login page. I have set up the application in question with a strong password, a complicated user name and the 2FA.
The firewall in the Synology is set up quite well with a few rules (as far as I can tell) and also provides some protection.
My understanding is that the possible DSM security settings - besides the firewall - are not effective for applications running in Docker. Especially those that prevent the IP from being blocked after several failed attempts to log in.
An unused RT2600ac is still available. My idea is to use it in bridge mode - as a switch, so to speak - and place the Synology behind it.
The question is, does this increase security at all if the "Threat Prevention" app possible on the RT2600ac is active? For example, would this provide protection against brute force/rainbow table attacks?
I am familiar with "Fail2Ban". But the installation is beyond my skills.
Best regards
And yes, I use deepl.com for the translation from German.
Translated with www.DeepL.com/Translator (free version)
I am very new here and have already found some information. I have been using Synology NAS since 2015.
In Docker runs an application that must be accessible from the outside via HTTPS and ReversProxy (port forwarding 443). This means that anyone who knows the DynDNS address can access the login page. I have set up the application in question with a strong password, a complicated user name and the 2FA.
The firewall in the Synology is set up quite well with a few rules (as far as I can tell) and also provides some protection.
My understanding is that the possible DSM security settings - besides the firewall - are not effective for applications running in Docker. Especially those that prevent the IP from being blocked after several failed attempts to log in.
An unused RT2600ac is still available. My idea is to use it in bridge mode - as a switch, so to speak - and place the Synology behind it.
The question is, does this increase security at all if the "Threat Prevention" app possible on the RT2600ac is active? For example, would this provide protection against brute force/rainbow table attacks?
I am familiar with "Fail2Ban". But the installation is beyond my skills.
Best regards
And yes, I use deepl.com for the translation from German.
Translated with www.DeepL.com/Translator (free version)