While NAS devices are relatively secure, they can be a tempting target for cybercriminals. By following best practices for security, however, users can harden their NAS devices and minimize the risk of data loss.
For example, changing default passwords (like the standard admin password) and making them more challenging to guess should be among the first things an administrator does.
Upgrade to the Latest Firmware
Securing your NAS (Network Attached Storage) protects your valuable data from unauthorized access, malware, and other threats. Since NAS devices are constantly online, they’re exposed to threats around the clock. They’re often configured with default settings that prioritize ease of access over security, such as simple and easy-to-guess passwords and open access permissions. As a result, they’re vulnerable to attacks from cybercriminals looking for easy targets.
Fortunately, you can help protect your NAS by upgrading to the latest firmware. This step is essential, as new releases fix bugs and security flaws that hackers may use to gain unauthorized access to your data. Changing the default login credentials and activating a firewall are also essential to ensure better security for your device.
Disabling QuickConnect, which allows remote access to your NAS using a private IP address and port, is another good way to mitigate unauthorized access. However, a QC ID can still be guessed, and lists of known QC IDs are available online.
It is crucial to adhere to the 3-2-1 backup rule. It involves creating three copies of your data and storing them in two different types of storage, with one copy kept offsite. It helps ensure you can restore your data from a recent backup in case of a ransomware attack or hardware failure. Moreover, a NAS encryption solution can protect at-rest data from unauthorized access even when transmitted between endpoints. It doesn’t prevent hackers from accessing your data, but it makes it more difficult and time-consuming for them to do so.
Disable QuickConnect
QuickConnect is a handy feature that allows users to access their NAS over the internet without requiring time-consuming and complex router configurations. It works by resolving your NAS’s external IP address to a unique name (called a DNS alias) using the internet’s domain name system (DNS) infrastructure. It also avoids configuring your router to open network ports or installing a certificate for remote access, as is required when using other methods such as DDNS or port forwarding.
This article details the flaws they discovered and some steps they took to exploit them.
To set up QuickConnect, log into the NAS, click on the Control Panel, and then select the QuickConnect tab. Check Enable and then enter a QuickConnect ID (e.g., linuxhint-88). You will now have an address that you can use to access your NAS over the internet without worrying about port forwarding rules or other cumbersome settings.
You can even enable mobile apps to use the QuickConnect ID instead of their URL. It will save you data transfer charges if you work with large files or streaming video.
Set Up a Firewall
NAS devices are computer boxes with an embedded operating system that support a variety of storage hardware. These boxes are used by people worldwide to store files for easy access, collaboration, backup and recovery, and more. They’re also popular in businesses of all sizes as effective and scalable network storage systems supporting email, accounting databases, payroll, video recording and editing, data logging, and more.
The heart of a NAS device is a central processing unit, or CPU, which provides the computing power to manage the NAS OS, read and write data against storage, and handle user access. The processor is also responsible for running a wide range of apps that support productivity, collaboration, and other essential uses. Typically, these apps include video streaming for home media use and business collaboration tools to help teams work from different locations or on the go.
All NAS units have a built-in firewall that monitors traffic to and from the device and, depending on the rules you set up, permits or blocks certain types of activity. You can create firewall rules from the DSM portal that can help protect your NAS from external attacks and other potential security threats. For example, you can configure a rule to allow only specific IPs from certain countries, so your NAS won’t get attacked by malicious users from other world regions.
Enable Two-Factor Authentication
Cybercriminals target NAS and other data storage devices because they often contain valuable business and customer data. This data may include customer records, employee payroll data, product research and development information, and more. With the proper protections, businesses can keep their critical data safe from hackers and ransomware attacks.
Two-factor authentication (2FA) is a security measure that protects online accounts. It requires users to undergo an additional verification step apart from the standard username and password. This additional security step can take various forms, such as a code sent to the user’s phone, a security question and answer, or a physical device like a USB token or card reader. 2FA is an effective way to secure online accounts and prevent unauthorized access.
Adding 2FA to your account can dramatically reduce the risk of hackers breaching your login credentials. Even if cybercriminals gain access to your username and password, they will not be able to access your account without the additional 2FA verification code.
Fortunately, enabling 2FA is relatively simple. The option is in your NAS account settings under the Security tab. Once you’ve enabled the feature, it will be required each time you log in to your NAS. It will also be required if you want to access your DSM desktop with administrative privileges. To begin, log in to your NAS and make sure your NAS and mobile phone’s clocks are synchronized.