Blog

By Kyriakos Ioannou – Systems Engineer

Since your Synology NAS hosts so much important data, properly securing it is of paramount importance. Follow the steps below in order to achieve a very good level of security.

Updates

Make sure your Synology NAS has the latest DSM and packages updates are installed, to ensure you have the latest security features and patches on your NAS.

Security Advisor

Security Advisor is a built-in DSM application that will scan your Synology NAS and check your DSM settings. It will identify any security weaknesses your NAS might have and recommend ways on how to address them. 

Password strength and expiration

The password to access your Synology NAS should be comprised of at least 8 characters including upper case and lower-case letters, numbers, and special characters. You should also set the password expiration function to force users to change their passwords after a certain period.

2-step verification

This feature provides additional security for your DSM account. If 2-step verification is enabled on your account, you will need to enter a one-time verification code besides your password when logging in to DSM. The verification codes can be obtained using authenticator apps installed on your mobile device. Therefore, if someone wants to access your account, he will not only need your username and password but also your mobile device.

Auto Block

Auto block provides defence against unauthorized access. Enabling auto block will block an IP address after a pre-defined number of failed logins attempts within a certain period. The number includes every failed login attempt via SSH, Telnet, rsync, Network Backup, Shared Folder Sync, FTP, WebDAV, Synology mobile apps, File Station, and DSM.

Account Protection

Account protection reduces the risk of accounts being broken by brute-force attacks. After a pre-defined number of failed logins attempts within certain period of time, the specific account will be blocked.

Change default management ports

You can change the default ports to block malicious login attempts. The port number must be between 1024 and 65535.