Hello,
I set up DSM. I only use the NAS locally. No plan to access it from outside home network but need to update software and firmware when available. I want to use Synology Photos, Apple's Touch ID as 2FA, Synology Drive an Active Backup for Business. However, these apps seem to require me to create a domain name and generate a certificate. Then, get it authenticated by Let's Encrypt. It seems that to do that, I have to open ports on my router which some users said could create a security risk.
I expressed my concern and Synology told me that:
"These applications do not require a connection certificate. Connection certificates are only required if you want to connect securely. Otherwise, the connection will be unencrypted."
1. Is it better to have encrypted connections even all the devices are from home network?
I asked them if there is another way to get around this as opening ports creates a security risk and somebody mentioned Tailscale.
They replied:
"Yes, this is only if you connect with the Synology DDNS. Otherwise, you can use the Quickconnect relay service. This does not require port forwarding. You will still connect securely; our Synology Apps are designed to connect with this service.
What are the differences between QuickConnect and DDNS? - Synology Knowledge Center
"
2. Does that mean he suggested using Quickconnect which many people advised against enabling especially for those who do not want/need to make the NAS visible to the internet?
3. In my case, what is the best way to do if I want to use the apps and feature I mentioned? What is the risk for opening ports for a few minutes?
I set up DSM. I only use the NAS locally. No plan to access it from outside home network but need to update software and firmware when available. I want to use Synology Photos, Apple's Touch ID as 2FA, Synology Drive an Active Backup for Business. However, these apps seem to require me to create a domain name and generate a certificate. Then, get it authenticated by Let's Encrypt. It seems that to do that, I have to open ports on my router which some users said could create a security risk.
I expressed my concern and Synology told me that:
"These applications do not require a connection certificate. Connection certificates are only required if you want to connect securely. Otherwise, the connection will be unencrypted."
1. Is it better to have encrypted connections even all the devices are from home network?
I asked them if there is another way to get around this as opening ports creates a security risk and somebody mentioned Tailscale.
They replied:
"Yes, this is only if you connect with the Synology DDNS. Otherwise, you can use the Quickconnect relay service. This does not require port forwarding. You will still connect securely; our Synology Apps are designed to connect with this service.
What are the differences between QuickConnect and DDNS? - Synology Knowledge Center
"
2. Does that mean he suggested using Quickconnect which many people advised against enabling especially for those who do not want/need to make the NAS visible to the internet?
3. In my case, what is the best way to do if I want to use the apps and feature I mentioned? What is the risk for opening ports for a few minutes?