In this video we review the security settings that can be found in Disk Station Manager on your Synology NAS. The aim of this video is only to suggest security settings you should consider enabling or disabling.
The security of your NAS will always be a judgement call: you will need to weigh the security of your data against how easy it is to access.
While we make every attempt to be as accurate as possible, as with all information on the Internet, please make sure that you have corroborating information from multiple sources before configuring your NAS.
Notes: If you intend to make your NAS accessible via the internet, we recommend that you do not use the default Admin account that is created automatically when you first set up your Synology NAS. It is also a good idea to give your administrator account a really long password. Ideally, your password should be over 10 characters in length, using both upper and lower case letters, numbers and at least one special character.
Quick reference notes:
- Log into Disk Station Manager (DSM) with administrator privileges
- Select Control Panel – System – User
- Check that you have disabled the default admin and guest accounts.
- Consider enabling strong password rules and password expiration.
- From within Control Panel, select Security.
- Under General consider enabling “Do not allow DSM to be embedded with iFrame”
Notes: The Firewall on our NAS is designed to monitor and control both incoming and outgoing data on our NAS. While you don’t have to enable the NAS Firewall, it can be useful to prevent devices inside of our home network from trying to make unauthorised connections to our NAS. We will specifically look at configuring the Firewall in the next video in this series.
- In Protection consider enabling DoS protection.
- From within Account enable Auto Block, and set the Login attempts and Within settings.
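How the Login attempts and Within values interact, shown as an added example that is not from the video and is not Synology's implementation: a sliding-window counter run over constructed failed-login events. The function name `auto_block`, the event format and the sample IP addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data (not real DSM log output): (timestamp, source IP) of FAILED logins.
SAMPLE_EVENTS = (
    # Fast guessing: one failure every 20 seconds.
    [(f"2024-01-01 10:0{s // 60}:{s % 60:02d}", "203.0.113.5") for s in range(0, 120, 20)]
    # Slow guessing: one failure every 3 minutes.
    + [(f"2024-01-01 10:{m:02d}:00", "198.51.100.7") for m in range(0, 18, 3)]
    # A household user who mistyped a password twice.
    + [("2024-01-01 10:05:00", "192.168.1.20"), ("2024-01-01 10:05:30", "192.168.1.20")]
)

def auto_block(events, login_attempts, within_minutes):
    """Return {ip: time of block} for every IP that reaches `login_attempts`
    failed logins inside a sliding window of `within_minutes` minutes."""
    window = timedelta(minutes=within_minutes)
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    blocked = {}
    for stamp, ip in sorted(events):          # ISO-style timestamps sort chronologically
        if ip in blocked:
            continue                          # already blocked, later attempts are dropped
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        fails = recent[ip]
        fails.append(when)
        while when - fails[0] > window:       # forget failures older than the window
            fails.popleft()
        if len(fails) >= login_attempts:
            blocked[ip] = when
    return blocked

if __name__ == "__main__":
    for minutes in (5, 15):
        result = auto_block(SAMPLE_EVENTS, login_attempts=5, within_minutes=minutes)
        print(f"5 attempts within {minutes} min ->",
              {ip: t.isoformat() for ip, t in result.items()})
```

With a 5-minute window only the fast source is blocked; widening the window to 15 minutes also catches the slow source, while the user with two typos is never blocked in either case.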
Notes: An SSL certificate is used to secure data being sent between a NAS and a web browser. Your SSL certificate can be either signed or self-signed; they work in the same way. However, a self-signed certificate will not be as trusted by your web browser.
- Within Advanced consider enabling HTTP Compression. This setting may be useful if you are hosting websites on your NAS.
- We suggest leaving TLS/SSL Profile Level set to Intermediate compatibility until after you have fully completed the setup for your NAS.
Additional resources required:
- We recommend that you keep a spreadsheet or have a note pad that contains all of the important information regarding the setup of your NAS. This would include recording the administrator's user name and password.
- Synology Support – Security
- Synology Support Article – How to enhance the security of your Synology NAS
- Article from Wikipedia – What is a Brute Force Attack
- Notes from Wikipedia – What is a Cross Site Script Attack
- Definition from Wikipedia – What is a DoS Attack
- Comodo website – What is a Firewall