Why is Security Advisor's Login Analysis show 'No Data'??

Currently reading
Why is Security Advisor's Login Analysis show 'No Data'??

19
2
NAS
Synology DS920+
Operating system
  1. Windows
Mobile operating system
  1. Android
  2. iOS
Hi all,

I'm hoping someone can help me understand Synology's Security Advisor 'Login Analysis' section. For reference, I currently do not have my Synology login page available externally. I do have a reverse proxy set up for a several applications (i.e. Jellyfin, Bitwarden, Grocy, Firefly) but my main Synology page is not accessible.

I've had Security Advisor on for the last two months and there is 'no data' listed under the login analysis page. In the 'advanced' tag I do have a regular scan schedule setup with daily and monthly reports. In the reports, the login analysis is always 0 under 'high' and 0 for medium. Must I enable something in settings? Should I see a list there? I thought everyone who logs in should be listed there and country location? Pictures are below for reference

What does this mean? Does the fact that there is 'no data' for the login analysis mean that there are no external login attempts being made on my NAS? And that I am safe? Or is there some larger config issue that I should look into?

Greatly appreciate your help,



1622999537907.png
 
Under Security Advisor > Advanced I had the "Security Baseline" setting set to "for home and personal use" see pic below. And in the checklist of that default setting, I have both options for Login analysis checked.

I'm unsure if there's anything further I need to do?

1623013628132.png
 
Upvote 0
Perhaps you never triggered the rules?

Login in as a user and mistype the password 4 times (your cut-off shows 3). Then check as admin if there is a record of multiple password attempts.

7ICYfN6.png
 
Upvote 0
thanks, so I went to my DSM page and logged in and tried logging in 4 failed attempts (I made up a fake username and passwordto to see whether it would work without a matching username). After 4 attempts I got an email that the IP was temporarily banned. So that's good news. However, I didnt see any mention of this in the 'Login Analysis' section. maybe it may be updated tonight when my security log is emailed to me?

I was just wondering because other people have said they had alerts from unknown people trying to access their DSM and they were able to check the logs to see which countries it was coming from. I thought I had configured something wrong because I didnt see any access attempts from anyone. Does this mean that those who are getting access attempts are somehow configuring their DSM to be accessible via the internet (e.g., using a reverse proxy or just having the port open wit hthe DSM service listening to it)?
 
Upvote 0
It should work for internal and external attempts... so a reverse proxy should be covered.

In my example I used a valid username with invalid passwords (my cutoff is set at 2). I did not receive an email as that comes from the blocking feature.
 
Upvote 0

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

I receive the reports monthly, just actually got them on 2/1 and verified for some reason this is still...
Replies
4
Views
695
Try adding them one-at-a-time, saving, logging out, restarting* your computer, then logging back in until...
Replies
12
Views
1,170
It took a while to get iOS Syno Drive Client to reset and ask for my 2FA to log back in. It was set up...
Replies
2
Views
568
My auto-block was always set to block after multiple attempts. Since this login stuff was happening once...
Replies
15
Views
1,902

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top