Synology Network Attached Storage (DSM 6), How to setup and configure a Synology NAS (DSM 6)

How to setup a Synology NAS Part 32: Security settings to consider enabling

1,859 views

In this video we review the security settings that can be found in Disk Station Manager on your Synology NAS. The aim of this video is to only suggest, security settings you should consider enabling or disabling.

As the security of your NAS will always be a judgement call. You will need to weigh the security of your data, against how easy it is to access.

While we make every attempt to be as accurate as possible. As with all information on the Internet. Before configuring your NAS, please make sure that you have corroborating information from multiple sources.

Notes: If you intend to make your NAS accessible via the internet. We recommend that you do not use the default Admin account that is created automatically, when you first setup your Synology NAS. It is also a good idea to give the password to your administrators account, a really long password. Ideally, your password should be over 10 characters in length, using both upper and lower case letters, numbers and at least one character.

Quick reference notes:

Log into Disk Station Manager (DSM) with administrators privileges
Select Control Panel – System – User
Check that you have disabled the default admin and guest accounts.
Consider enabling strong password rules and password expiration.
Select from within Control Panel, Security.
Under General consider enabling “Do not allow DSM to be embedded with iFrame“

Notes: The Firewall on our NAS is designed to monitor and control both incoming and outgoing data on our NAS. While you don’t have to enable the NAS Firewall. It can be useful to prevent devices inside of our home network from trying to make unauthorised connections to our NAS. We will specifically look at configuring the Firewall in the next video in this series.

In Protection consider enabling DoS protection.
From within Account enable Auto Block, and set the Login attempts and Within settings.

Notes: An SSL certificate is used to secure data being sent between a NAS and a web browser. Your SSL certificate can be either signed or self signed, they work in the same way. However a self-signed certificate will not be as trusted by your web browser.

Within Advanced consider enabling HTTP Compression. This setting may be useful if you are hosting websites on your NAS.
TSL/SSL Profile Level we suggest leaving set to Intermediate compatibility until after you have fully completed the setup for you NAS.

Additional resources required:

We recommend that you keep a spreadsheet or have a note pad that contains all of the important information regarding the setup of your NAS. This would include recording the administrators user name and password.

Reference materials:

Synology Support – Secuirty
Synology Support Article – How to enhance the security of your Synology NAS
Article from Wikipedia – What is a Brute Force Attack
Notes from Wikipedia – What is a Cross Site Script Attack
Definition from Wikipedia – What is a DoS Attack
Comodo website – What is a Firewall

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 Year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the Advertisement category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
gdpr_status	6 months 2 days	This cookie is set by the provider Media.net. This cookie is used to check the status whether the user has accepted the cookie consent box. It also helps in not showing the cookie contest box upon re-entry to the website
JSESSIONID	Session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__gads	1 year 24 days	This cookie is set by Google and stored under the name dounleclick.com. This cookie is used to track how many times users see a particular advert which helps in measuring the success of the campaign and calculate the revenue generated by the campaign. These cookies can only be read from the domain that it is set on so it will not track any data while browsing through another sites.
CONSENT	16 years 4 months 2 days 11 hours 7 minutes	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
session_depth	30 minutes	This cookie is used to store the video preferences of the user using the embedded YouTube Video
uid	5 months 30 days	This cookie is used to measure the number and behavior of the visitors to the website anonymously. The data includes the number of visits, average duration of the visit on the website, pages visited, etc. for the purpose of better understanding user preferences for targeted advertisments.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embedded video the website
YSC	Session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
anj	3 months	The anj cookie contains data denoting whether a cookie ID is synced with our partners. ID syncing enables our partners to use their data from outside the Platform on the Platform.
CMID	1 Year 30 days	The cookie is set by CasaleMedia. The cookie is used to collect information about the usage behavior for targeted advertising.
CMPRO	3 months	This cookie is set by Casalemedia and is used for targeted advertisement purposes.
CMPS	3 Months	This cookie is set by Casalemedia and is used for targeted advertisement purposes.
CMRUM3	1 year	This cookie is set by Casalemedia and is used for targeted advertisement purposes.
CMST	1 day	The cookie is set by CasaleMedia. The cookie is used to collect information about the usage behavior for targeted advertising.
i	1 year	No description available.
IDE	1 Year 30 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
KADUSERCOOKIE	3 months	The cookie is set by pubmatic.com for identifying the visitors' website or device from which they visit PubMatic's partners' website.
KTPCACOOKIE	1 day	This cookie is set by pubmatic.com for the purpose of checking if third-party cookies are enabled on the user's website.
mc	1 year 1 month	This cookie is associated with Quantserve to track anonymously how a user interact with the website.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
uuid	3 months	To optimize ad relevance by collecting visitor data from multiple websites such as what pages have been loaded.
uuid2	3 months	This cookies is set by AppNexus. The cookies stores information that helps in distinguishing between devices and browsers. This information us used to select advertisements served by the platform and assess the performance of the advertisement and attribute payment for those advertisements.
VISITOR_INFO1_LIVE	6 months	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.
yt.innertube::nextId	never	These cookies are set via embedded youtube-videos.
yt.innertube::requests	never

Cookie	Duration	Description
__gpi	1 Year 24 days	No description
cookielawinfo-checkbox-functional	1 year	No description available
fc	5 months 27 days	No description available
pf	Session	PingFederate identifies sessions by their respective PF cookies. Some adapters, such as the HTML Form Adapter, also utilize the PF cookie to manage their adapter-sessions
pxs	5 months 27 days	No description available

How to setup a Synology NAS Part 32: Security settings to consider enabling

Quick reference notes:

Additional resources required:

Reference materials:

Thank you for your support

Login

Advertisement