Before an attacker encrypts all your data and asks you to pay in bitcoin or cash, you should set up strong security on your Synology NAS. This type of attack is very common: the attackers demand money to decrypt your files. Today we will walk through the best security settings to protect your Synology NAS from hackers and ransomware.
Your NAS is at risk if there are any open ports on the router. Also, most hackers will try to get onto one of the computers connected to the same router as the NAS in order to deploy ransomware. This is possible if you download a suspicious file from the Internet or run a file that you received in a phishing email.
That’s why it is really important to secure the files on your NAS and on all of your computers too. On models that have EXT4 volumes, most of the steps given below won’t work. So it is recommended that you go with BTRFS volumes, as they provide an “undo option” to recover files.
Basic Synology NAS Security Settings You All Must Have
If you often access the Synology NAS over the Internet from other networks, you should definitely enable “Adaptive MFA”. You can do that by going into Control Panel>>Security>>Account>>Enable MFA. Then, if you are an admin accessing the NAS from outside, a two-factor authentication request will be sent to your email for verification.
Enable Account Protection
This feature protects your NAS against brute-force attacks. Suppose someone is trying to access your unit using a botnet, guessing your username and password from thousands of IP addresses. The NAS will automatically detect this and, after the specified number of login attempts, block them for the specified time period.
Enable Auto Block
This feature will block a user who fails to type the right credentials after a specified number of attempts. You can set “Login attempts” to 10 within a time period of 5 minutes. There is not much need to decrease the login attempts below this, as this is a perfect setting.
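The difference between Account Protection and Auto Block, as an added example that is not Synology's code: a simplified sliding-window model over failed-login events. It assumes Auto Block counts failures per source IP and Account Protection counts them per account, both with the 10 attempts in 5 minutes given above; the events, IP addresses and usernames are constructed sample data.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 5 * 60   # "within a time period of 5 minutes" (from the article)
MAX_ATTEMPTS = 10         # "Login attempts" threshold (from the article)

def first_block_times(events, key_index):
    """Return {key: time of the failure that crossed the threshold}.

    events: (timestamp_seconds, source_ip, username) tuples for FAILED logins,
    sorted by time. key_index=1 counts per source IP (assumed Auto Block model);
    key_index=2 counts per account (assumed Account Protection model).
    """
    recent = defaultdict(deque)
    blocked = {}
    for event in events:
        ts, key = event[0], event[key_index]
        if key in blocked:
            continue
        window = recent[key]
        window.append(ts)
        # Drop failures that have aged out of the sliding window.
        while ts - window[0] >= WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_ATTEMPTS:
            blocked[key] = ts
    return blocked

def constructed_events():
    """Constructed sample data (documentation IP ranges, made-up usernames)."""
    events = []
    # One host hammering one account: 12 failures, 10 s apart.
    events += [(i * 10, "203.0.113.7", "backup") for i in range(12)]
    # Distributed guessing: 40 different IPs, one failure each, same account.
    events += [(1000 + i * 5, f"198.51.100.{i + 1}", "nasadmin") for i in range(40)]
    # A user who mistypes twice, an hour apart.
    events += [(5000, "192.0.2.20", "alice"), (8600, "192.0.2.20", "alice")]
    return sorted(events)

if __name__ == "__main__":
    ev = constructed_events()
    print("blocked IPs:     ", first_block_times(ev, 1))
    print("protected users: ", first_block_times(ev, 2))
```

The distributed guessing against one account never trips the per-IP counter but does trip the per-account one, which is why both features should be enabled together.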
So, these are super easy security settings that every Synology NAS user should have.
Deactivate Default Admin User
Once you install DSM, you get a default system user named “admin”. For Synology NAS security purposes, we recommend that you deactivate that “admin” account. You can deactivate it by going into Control Panel>>User & Group>>Select the user>>Delete/Deactivate.
Next, in the same window, go to the “Groups” tab and check the members that you have on your unit. Also check the “Permissions” tab. We recommend that you do not give unnecessary “Admin” privileges to all users.
Apart from this, make sure you click on the Advanced tab for the admin user and create a strong password. We recommend that you require special characters and numeric characters, and exclude common passwords too. The minimum password length should be between 15-20 characters. This will make any brute-force attack on your Synology NAS nearly impossible.
File Services Settings
In Synology File Services, we recommend some really useful SMB settings. Click on “Advanced Settings” under “SMB Settings”.
For the maximum SMB protocol you can opt for SMB3. You can also go for SMB2 if necessary. But for the minimum SMB protocol, never choose SMBv1. The reason is that there were confirmed exploits against this service. This was confirmed and rectified by Synology itself.
Next, click on the “Others” tab in the same window, and scroll down to check that “NTLMv1” is not enabled. There were reports by Microsoft stating that ‘hackers were able to get user credentials using this vulnerability’. Moreover, if you have enabled NTLMv1, make sure not to have the SMB port open to the Internet at any cost.
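One way to check these two settings on a generic Samba server, as an added example that is not from Synology: a small audit of smb.conf-style text. It assumes the DSM options correspond to Samba's "server min protocol" and "ntlm auth" parameters, and both sample configurations are constructed.

```python
SMB1_OR_OLDER = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}  # NT1 is SMB1
NTLMV1_ALLOWED = {"yes", "true", "1", "ntlmv1-permitted"}

# Constructed sample configurations, not taken from a real NAS.
WEAK = """
[global]
    server min protocol = NT1
    server max protocol = SMB3
    ntlm auth = ntlmv1-permitted
"""
HARDENED = """
[global]
    server min protocol = SMB2
    server max protocol = SMB3
    ntlm auth = ntlmv2-only
"""

def parse_global(conf_text):
    """Collect key/value pairs from the [global] section of smb.conf-style text."""
    settings, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            settings[" ".join(key.lower().split())] = value.strip()
    return settings

def audit_smb(conf_text):
    """Return findings for the two weak settings the article warns about."""
    s = parse_global(conf_text)
    findings = []
    min_proto = s.get("server min protocol", s.get("min protocol", "")).upper()
    if not min_proto:
        findings.append("minimum SMB protocol not set; confirm SMB1 is excluded")
    elif min_proto in SMB1_OR_OLDER:
        findings.append(f"minimum SMB protocol is {min_proto}; raise it to SMB2")
    if s.get("ntlm auth", "").lower() in NTLMV1_ALLOWED:
        findings.append("NTLMv1 authentication is permitted; disable it")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_smb(conf))
```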
External Access Security Settings
The very first option here is “QuickConnect”. QuickConnect helps you access your NAS from anywhere in the world. At the same time, you have to connect your NAS to the Internet to use it, which exposes it to the Internet. So if you do not access your unit from outside your local network, disabling it is the ideal choice. But even if you enable QuickConnect, you can rely on Synology NAS security.
For extra security while using Synology QuickConnect, you should use a VPN. To install one, go to “Package Center”, search for VPN in the search bar, and click on “Install”. Next, you will need to open the VPN server and download the VPN client on your Android or iOS device. Read the complete step-by-step guide here: “How to Install a VPN on Synology NAS”.
Enabling a Firewall
This feature blocks anything suspicious and also blocks most ports that you don’t use. If you use Plex or a VPN, you will have to allow only those particular ports in. You can enable the Synology firewall by going into Security>>Firewall>>Enable. You can also click on “Edit rules” to specify any services that you want the firewall to let through.
You can also check “How to Set Up Synology Firewall” here.
If you follow these Synology NAS security settings, you will be able to protect your NAS from almost all types of attack. If you do get hacked, then first and foremost you need to run a backup. Check “How to recover a NAS with a backup” here, or, if you haven’t yet set up a backup, check “Which are the best Synology NAS Backup options for you?”.