Hi all,
Small introduction: Used to be a QNAP user for about 6 months and then I got hit with deadbolt ransomware. Even though I made mistakes in securing my NAS (given the fact I was new to this "world"), QNAP was still hit another 2-3 times this year with the same deadbolt virus, which indicated to me that they had too many 0-day exploits, so I decided to move to Synology.
The past aside, I decided to secure my NAS as best I could, and so, I decided to ask your opinion if what I did is good, or if I should do more things to secure the NAS.
I'll mainly use my NAS DS720+ for PLEX (locally and over the internet for family members and friends) and as a working server for me and 1-2 work colleagues (SMB through OVPN).
I have a static public IP address
Steps I already took:
- made sure default admin account and SSH are disabled and enforced harsh password rules for the users
- for Plex I set it up so that it uses internal port 32400 (Plex default port) on NAS, and a random external port through router (this port is forwarded)
- checked auto block in Security>Protection and account protection in Security>Account (with default settings)
- changed default ports (5000 & 5001) for DSM Web Services in Login Portal. Made a search for Synology on shodan.io and then looked at the top ports used on Synology devices, in order to avoid setting a common port that can be used for possible attacks
- enabled snapshot schedule to run every 1 hour with the following retention settings
- enabled firewall and created a profile with rules that should block all IPs from outside my country (Romania), given the fact that the people who will use PLEX & work are not abroad
----------------------------------------------------------------------------------------------------------------------------
Steps I'm thinking about:
1. I still haven't decided if I should use QuickConnect or set up a DDNS. I understand that QuickConnect is the more secure version because it goes through Synology servers, but at the cost of speed?
Regarding DDNS, I could go two routes:
a) DDNS with Synology service provider
b) DDNS with my ISP service provider (domain go.ro)
Will the fact that I banned all the IPs from outside Romania be an issue for QuickConnect or DDNS through Synology?
2. Should I use two-factor authentication, or is it overkill?
3. Given the fact that I set up the firewall, should I install an antivirus from the Package Center, and if yes, what do you recommend?
Thank you