There are several ways to secure Synology NAS, including the fastest and safest way.
Even if you already have an anti-virus program installed, malware may still be running on your computer or network attached storage (NAS), because malware can slip past even the most sophisticated security software.
We've got some tips and tricks for you to help keep your computer safe from malware. Some people said that the very best way to protect your devices against all kinds of malwares is by using a good recommended well-known or popular antivirus program (we know most of them make our device way slower), but don't worry, we have some next level information to ensure this won't happen to you with the following tips and options we have here.
These guidelines will help you protect your network from malware attacks, but we know that you need a truly easy to use solution that is both instant and advanced, and that doesn't require setting up Windows Firewall rules. The following tips will guide you the industry standard best practices when it comes to NAS security, but we know that we need true simple 1 click response solution to this that's instant, more advanced, and trusted than any security software and one step ahead than any antivirus or antimalware out there (without having to set a windows firewall rule).
We have the recommended software at the end of this article if you want to jump straight to it.
Configure DSM users' permission settings
Managing permissions is one of the most important tasks you have to perform on a Synology NAS. This article explains how to configure user accounts and groups to manage privileges on a Synology NAS running DSM 6.2 or above.
Configure password strength rules
You can use password strength rules to help keep your users safe from hackers. This feature allows you to configure how long it takes to display a warning message to users about weak passwords. If you choose to turn off the rule, the warning won't appear even if the password isn't strong enough.
To see what settings are available:
1. Select one of the options under Show password strength messages.
2. Click Save Changes.
3. To view the current setting, open the same window again.
4. Repeat steps 2 through 4 to change the setting.
5. Click OK to close the window.
6. When you're finished configuring the settings, click OK to save changes.
Configure DSM users' permission settings
Managing permissions for individual users and groups is one of the most important tasks you can perform to secure your network. In addition to managing permissions for specific files and folders, you must manage the permissions assigned to each user account and group. This allows you to control what actions are performed by those accounts.
From there, select the user or group whose permissions you want to change. Then select Permissions from the left pane. Next, choose the action you want to assign to the selected user or group. Finally, select either Allow or Deny to apply the changes.
You can also use the following steps to make configuration changes:
1. 2. Select the user or group whose permission settings you want to modify.
3. Choose Permission Settings from the menu bar.
4. If necessary, enter the username or password of the user or group.
5. Select the Action field and select either Allow or Denial.
6. Click OK to save the changes.
Enable auto block and account protection
You can now configure an IP address to be blocked after a certain number of failed logins. When you set up your security settings, you can choose to automatically block an IP address after three unsuccessful logins.
This feature allows you to protect your system against brute force attacks. If someone tries to bruteforce your password, the IP address will be blocked.
Then enter the maximum number of failed logins allowed per hour.
Note: To prevent abuse of this setting, it is recommended to use a dynamic IP address.
Run Security Advisor
Security Advisor is a free app that checks your Synology NAS for common DSM configuration problems. It scans your NAS for common DSM issues, gives you recommendations for how to fix those issues, and provides tips for keeping your NAS secure. This tip focuses on running Security Advisor regularly to help ensure your NAS stays up and running smoothly.
Basic Security Principles
The first line of defense against hackers is your home network. A recent study by Cisco Systems found that nearly half of small businesses don't even bother securing their routers. This leaves open doors for attackers to gain access to sensitive data stored on those networks.
In 2014, security researcher Jacob "thescaryguy" Holzschuh audited NAS devices from ten different vendors, finding vulnerabilities in every one of them. He discovered that most of the devices he tested had default passwords set up during manufacture. If you're like me, you probably didn't change it. When I bought my Synology DS209j NAS, I changed the password to something long and random. But if someone gets hold of your old router, they could easily reset the password to whatever they want.
That's the bad news. The good news is that you don't have to worry about this unless you give someone physical access to your equipment. To carry out these attacks, hackers have to have direct access. So if you've got a locked door and a deadbolt, you're safe.
To make sure you are doing everything possible to secure your network, follow these basic security principles: Keep software updated. Make sure you keep antivirus software running on your computer and NAS device. Use strong passwords. Don't use weak passwords. Change them regularly. Back up your data. Encrypt your backups.
Secure Your Router
If you use a home network, chances are you already know what your router looks like, but did you know there are some security risks associated with having one? Routers are often used as entry points into your home network, making them prime targets for hackers looking to access your personal data.
If you haven't changed your default router settings recently, now might be a good time to do so.
1/ Log In To Your Router
You'll probably want to log in to your router to make changes.
2/ Change Default Password
Once logged in, scroll down to the bottom of the screen and look for "Password." This is where you'll see your current password. Click on the "Change" link next to it, type in a new password, and hit save.
3/ Update Firmware
Next, head over to the firmware update menu and check for an upgrade. Make sure you're running the latest version of your router software.
When accessing your network attached storage device over the internet, make sure "HTTPS" is turned on. This ensures that your data is secure while being transferred. You can enable https on Windows devices like PCs and laptops, Mac computers, and even Android phones and tablets.
If you're accessing your NAS from a mobile device, there are several ways to ensure your information is safe. First, check whether your browser supports HTTPS. If it doesn't, you'll want to download a free software called Let's Encrypt. Once installed, it automatically generates certificates for your domain name. Your browser needs to know where to find those certificates, so you'll need to add them to your system manually.
You can use the same process to generate certificates for multiple domains. For example, if you wanted to protect your home computer, work laptop, and personal cloud storage account, you'd install one certificate per domain. To do this, go to the Certificates section of your Control Panel. Click Manage Certificate Templates. Then select New Template. Enter each domain name into the Name field. Select Server Type as Trusted Root Certification Authority. Finally, select Next.
Once you've generated the certificates, copy the.cer file for each domain, and paste it into the appropriate location within your browser. You can now view the https version of your NAS' web interface.
How to Secure Your Synology NAS from Ransomware
Synology has been hit by a recent wave of ransomware attacks. This type of malware encrypts files on a computer or network device and demands money to decrypt it. In this case, the hackers are demanding $300 worth of Bitcoin to unlock the files. Fortunately, there are steps that you can take to prevent this attack from happening to you.
If you don't know much about ransomware, here's a quick overview. The ransomware virus infects a computer, server, or network device, usually via email attachments or malicious websites. Once it gets inside, it locks down access to important data and prevents the victim from accessing their files unless they pay a ransom.
The good news is that you can easily avoid becoming a victim of ransomware. You just need to follow these simple tips:
1. Back Up All Data Regularly
Backups are one of the best ways to keep your data safe. Make sure that you regularly backup your data onto external hard drives, USB sticks, online storage sites like Amazon S3, etc., and make sure that you store those backups offsite too. If you're having trouble backing up your data, check out our guide on How to Backup Files Online.
2. Use Strong Passwords
As obvious as it sounds, not many people are actually really doing this. Because it's the easiest way to do it, this one is also easy not to do. So, it's better to set up a strong password upfront.
How to Avoid the Ransomware Attack
Synology warns customers about several recent ransomware threats that hit some users. In one case, the attacker used brute force techniques to guess the default password, and once they found it, they encrypted all the data on the NAS and demanded a ransom.
You have several options to choose form to protect yourself against such attacks. First, you can disable remote access altogether. Second, if you do require remote access, you could setup a VPN to limit access to your NAS. Lastly, there are plenty of third-party tools out there that can help you monitor what’s happening on your network.
THE BEST OPTION: THE ONE CLICK RESPONSE TO ALL CYBER ATTACKS FOR YOUR SYNOLOGY NAS, CYBER FIRST AID by AP LENS
What makes this different than an antivirus program?
Even if you've got an anti-virus program installed on your computer, malicious code could be running on your device. Because it Malware can evade detection by both bypassing security measures and blocking anti-malware applications from running altogether.
Cyber First Aid by AP Lens basically does 2 steps for you to ensure your security:
#2 monitoring, the software is able to know what connections were made and it is blocked.
It prevents risky connections from happening by blocking them before they start. It’s one step ahead of an anti-virus software!
It protects against all kinds of malware including spyware, ransomware and viruses.