Setting up Network Attached Storage (NAS) is easier than you might think. Turnkey enclosures from Synology and ASUSTOR are ready to use once connected to your LAN and a power outlet. As long as you have at least one drive installed, you can configure the operating system and start storing data. However, there are a few things to consider when setting it up. Since you'll be storing a lot of data on this device, it's important that you take the time to secure not only your NAS, but also the network and all other devices connected to it. Here are some basic security mistakes I've seen people make when setting up their first NAS.
6 NAS accounts are not secured
“Pa55w0rd123” doesn’t count
We've all been there and used insecure passwords. Before the introduction of password managers, it was not uncommon to use a well-known password that was easy to remember. The obvious problem with this approach is that the less unique (or more predictable) the password is, the easier it is for someone to guess it or crack it using software. That is where randomly generated passwords with special characters, kept in a single location, came into vogue. Password managers now serve as the backbone of the user account world, and in 2024 there is no excuse for using bad passwords.
According to Wikipedia, the most popular passwords are as follows:
123456
password
12345678
qwerty
123456789
12345
1234
111111
1234567
Dragons
I recommend using a strong password for your NAS. Something like Bitwarden is ideal for storing thousands of user credentials, and there's even support for home accounts and license upgrades for even more features and convenience. All you have to do is remember a single password. Make sure every account on your NAS uses such a password. If not, now is a good time to introduce password managers to your loved ones. While you're here, have you enabled two-factor authentication (2FA) on your NAS? In the wise words of Darth Sidious: “Do it!”
5 Nothing is updated on the NAS
Old operating system, even older apps
Have you ever used someone else's computer and noticed that they are running an old version of the operating system or some apps? The same can happen with a NAS, especially if automatic updates are disabled. Most NAS enclosures (and aftermarket software solutions) are set up to install new versions by default, but it's a good idea to log in every now and then to check. Docker containers are the exception: they should not be updated automatically, because there is a risk of something breaking and you may prefer to create backups before updating containers installed on the NAS.
Missing out on the latest updates can put your system at risk. Most minor patches include security fixes and performance improvements. I recommend updating everything on your NAS unless otherwise stated.
4 SSL/HTTPS is not enabled
CAN ANYONE HEAR ME NOW?
Not using SSL/HTTPS in today's world is like wandering the world of The Walking Dead without clothes or weapons to defend yourself against the dead. Connecting to your NAS from outside your LAN poses a risk, especially without HTTPS/SSL configured with a signed certificate. When working with your NAS, always make sure the connection is over HTTPS and that SSL is enabled for all services, even if you do not want to allow external access. Practical ways to open your NAS to the outside while restricting who can connect include VPNs and reverse proxies with VLANs.
3 Using the same default ports
Makes registration easier for everyone
Did you know that you can change the port your NAS uses for the management GUI? The same applies to apps and services that you install on the NAS. For example, the default Jellyfin port is 8096. By changing just one digit of this port, you add an additional layer of protection. If someone gets access to your network and searches for frequently used services, your Jellyfin instance will not be among the first things they find. Of course, this isn't a guarantee that your services will remain invisible to anyone on the LAN, but it's a good preventive step… and it doesn't take long to configure per service.
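One way to self-check the last two points (HTTPS on every service, and services still sitting on their default ports) from another machine on your LAN. This is an added example, not from the original article: 8096 is the Jellyfin default mentioned above, while the Synology DSM ports 5000/5001 and the host name nas.example.lan are assumptions to replace with your own.

```python
import socket
import ssl

# Default ports to check on your own NAS. 8096 is the Jellyfin default named in
# the article; 5000/5001 are Synology DSM's defaults (assumption: adjust per model).
DEFAULT_PORTS = {5000: "DSM (HTTP)", 5001: "DSM (HTTPS)", 8096: "Jellyfin"}

ADVICE = {
    "no-tls": "enable HTTPS or front it with a TLS reverse proxy",
    "tls-untrusted": "install a certificate that clients can validate",
    "tls-trusted": "TLS and certificate OK",
}


def probe(host, port, timeout=2.0):
    """Return 'closed', 'no-tls', 'tls-untrusted' or 'tls-trusted' for one port."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    with raw:
        try:
            # The default context verifies both the chain and the host name.
            ctx = ssl.create_default_context()
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls-trusted"
        except ssl.SSLCertVerificationError:
            return "tls-untrusted"
        except OSError:
            # No TLS handshake completed: plain HTTP, or TLS too old for this client.
            return "no-tls"


def audit(host, ports=DEFAULT_PORTS, probe_fn=probe):
    """List (port, service, state, advice) for every default port that answers."""
    findings = []
    for port, service in sorted(ports.items()):
        state = probe_fn(host, port)
        if state != "closed":
            findings.append((port, service, state, ADVICE[state]))
    return findings


if __name__ == "__main__":
    # "nas.example.lan" is a placeholder; point this at your own NAS.
    for port, service, state, advice in audit("nas.example.lan"):
        print(f"{port:>5}  {service:<12} {state:<14} {advice}")
```

Any row it prints is a service still answering on a default port. A NAS still using a self-signed certificate will show up as tls-untrusted.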
2 No VPN is used on the LAN
Protect yourself
Do you use a virtual private network (VPN)? If not, you should because they're a great way to keep everything you do online safe from prying eyes. A VPN can also be useful for bypassing geoblocks and other annoying measures. Most NAS operating systems support the integration of top-notch VPN services, making it easy to add this layer of protection to your connected storage. If you build your own router and firewall, you could even apply a VPN connection to an entire network, which is pretty cool and eliminates the need for per-device configuration.
1 Ignoring the rest of the LAN
Your PC is just as important as the NAS
Your NAS is not the only device on the network connected to the Internet. With most ISP-provided routers, everything on your network accesses the Internet in some way. It doesn't matter if you take all the security precautions in your NAS's manual if everything else on the network isn't up to par. Your PC is just as likely to infect your NAS with ransomware or other unwanted software if it is unpatched and you like to visit less trustworthy destinations. Take some time to check every device on your network to make sure it is protected.
We've covered VLANs here at XDA, which are great for restricting LAN access to specific clients. This can be useful for creating isolated guest networks.