Those of us who have went on to buy ourselves a Synology NAS have done so because of the freedom having our own NAS grants us. From securing our data the way we see fit to having complete control over it, without anyone else being able to even access it, there are many great benefits to buying a NAS, particularly a Synology NAS. But this independence and privacy also means that data security falls completely on us. Keeping your Synology NAS secure means keeping the most important and most private parts of your life secure. But how to do it?
There are many ways to keep your Synology NAS secure. With each additional step made in this direction, the security of your NAS and, by extension, that of your data, improves. Below is my list of the best practices in terms of security that are applicable to new users still trying to find their way around their NAS and tech-savvy users alike.
Disable your default admin account
This counts as a very good practice in terms of security and it’s recommended by Synology themselves. Follow this step by creating another user account with full administrator credentials (admin privileges) to use instead to access your system, and disable your current admin account. This is a fairly simple, but effective measure you can take towards the security of your NAS that is accessible to all levels of technical expertise.
Create a strong password
It may come as a surprise to most that a strong password is usually all you really need to keep your data behind a wall that nobody can reach. Your password is the first and greatest line of defense standing between your private data and the outside world. This is why it may come as an even greater surprise, to some at least, that a weak password is the main reason for most security breaches. Given what the most common passwords worldwide are, you too may come to the funny realization that too many passwords are just very common words that are all too easy to guess without that many tries. The point of a password is to secure the data in your NAS so a good practice is to not use a common word, but rather a non-word. What this means is that you must include capital letters, numbers, and symbols in the composition of your password, and make sure it’s long enough – at least 12 characters. A password like this is virtually impossible to guess meaning just a strong password is all you may really need to secure your NAS beautifully. If you need help with this, see my post on how to choose a strong password.
Get an SSL certificate & Connect over HTTPS
HTTPS, meaning Hypertext Transfer Protocol Secure, has essentially become the standard when it comes to accessing anything over the Internet. The protocol encrypts your connection and ensures the data being exchanged is not subject to any form of a privacy breach.
As a Synology NAS user, you are blessed to have the option to get a FREE SSL Certificate for your system such as the one from Let’s Encrypt. An SSL certificate will allow you to connect to your NAS from anywhere outside your Local Network, be it a coffee shop in Paris, a beach in Greece, or a restaurant in Manhattan, and do so securely over HTTPS. If you are not quite sure how to do this, follow my simple step-by-step guide on how to enable HTTPS on DSM7.
Use 2-Factor Authentication
A great practice that helps you keep your NAS more secure is enabling 2-Factor Authentication for your DSM account. If you don’t mind the few little extra steps you’d have to take when accessing your box, then this might just be a useful solution for you. Go to Personal/Account/click 2-Factor Authentication to launch the setup wizard. Enter your password to continue the process.
You can use either a mobile device for Approve sign-in or OTP (one-time verification code) or a hardware security key. You can download Synology’s app, Secure SignIn, which is available on both Android and iOS devices when setting up 2-factor authentication.
Use Surveillance Station to keep an eye on your NAS box
A Synology NAS is an attractive little piece of technology that is bound to draw unwanted attention. This is why it’s a good idea to keep an eye on it. No need to lock it in a vault, just lock the door when you’re away and set up an IP camera and use Synology Surveillance Station to check on it.
And if you don’t know where to start with video surveillance, take a look at my content on Surveillance Station and how to set up your very own video surveillance system with Reolink cameras.
Use my IP Block List
My IP Block List is one of the best and simplest security measures you can take to upgrade your security game. Its role is to prevent security breaches and cyberattacks on your system by intentionally denying access to known malicious IPs. It’s 100% compatible with all Synology NAS models and Synology routers like the RT1900ac, RT2600ac, MR2200ac, and the new RT6600ax. It’s updated daily, and the IPs are tested individually as well as reviewed regularly. After you add the deny ip list, remember to correctly set up your Synology NAS Firewall.
Download my IP Block List and see how it works and how to add it to your router system.
Enable Synology Security Advisor
What is Security Advisor? Security Advisor is a pre-installed DSM security application that scans your DSM settings and Synology NAS. Security Advisor will check your settings and recommend changes that help keep your Synology NAS safe.
For example, Security Advisor performs checks to detect DSM settings that may present security risks as well as any suspicious activity like malware. It also analyzes abnormal login activities and password guessing from malicious third parties (for example, brute force attacks). See where to find Security Advisor.
Adopting as many good practices as possible when it comes to your NAS security adds layer after layer of protection to an already secure system and gives you peace of mind. Even just a couple of steps such as disabling the default admin account and creating a new user with admin privileges, paired with a long and strong password that includes mixed-case letters and different characters, can make the biggest difference and take you out of statistics. Add my IP block list to the list and get an SSL certificate for secure connections and you’ll be a true professional.
No Synology NAS user needs convincing when it comes to keeping their box and system secure.
● Enhance your security with a strong password to make system breaches virtually impossible so nobody has even a chance to sift through your personal files or let your private photos out into the world.
● Disable your default admin account and create a new user account with administrator privileges to take a potential security issue out of the equation from the get-go.
● Get yourself an SSL certificate and always connect over HTTPS to prevent anyone from intercepting your connection and gaining access to very private data that could potentially provide a gateway into your system.
● Use 2-Factor Authentication and download my IP Block List as preventative methods to anticipate and counteract all unauthorized, ill-intended access to your system and data.
● And now chill. Or take more measures until you feel satisfied with the level of security of your Synology NAS box and the precious data on it.
This post was updated on Tuesday / May 17th, 2022 at 7:14 PM