When I began following the computer security expert Bruce Schneier, he said in one of his talks that every device that is connected to the Internet is unsafe. When the host asked him to elaborate on this topic, he simply said that the safest computer in the world is the one that is not connected to the Internet.
This is the equivalent of saying that the safest airplane is the one that is not flying at all.
I agree with Bruce's statements, but my point is that if we buy a device because we need it for work or leisure, we should do our best to make it more secure when it accesses the Internet.
The network attached storage (NAS) that I described in a previous post is a device that can help home and small business users accomplish several things, such as backing up PCs and Macs, storing and retrieving files locally and in the cloud, and streaming video and music.
However, the exposure that this server has to the local network and to the Internet makes it a vulnerable device that shares the same issues as the computers whose data it stores.
In this article, I would like to give my best tips on how far I could go in securing the server. I personally like and recommend Synology NAS servers for their clean interface, robust hardware and minimal consumption.
1- DOWNLOAD AND KEEP TRACK OF THE LOG CENTER APP
2- USE A REPUTABLE DDNS PROVIDER FOR EXTERNAL ACCESS
3- USE MORE THAN ONE ADMIN ACCOUNT AND SET UP PERMISSIONS
4- IMPLEMENT ALL THE FEATURES OFFERED BY THE SECURITY APP IN THE CONTROL PANEL
a) The browser logout time can log users out after a preset time, which is useful if, for example, a user temporarily leaves his/her desk.
b) The firewall section is very minimal, but it should be checked by default, including the firewall notifications.
c) The protection feature is one of the main security features of this server, in that it allows admins to auto-block IP addresses after a preset number of login attempts within a preset number of minutes. The allow/block list lets administrators whitelist or blacklist IP addresses as well. As we currently live in a world where Distributed Denial of Service (DDoS) attacks are booming every day, the Synology server also has a built-in DoS protection that you may just want to leave checked.
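To make the auto-block rule in (c) concrete, here is an added example (not Synology's code and not part of the original article) that applies an "N failed logins within M minutes" rule, with an allow list, to a handful of constructed login events. The event format, the function name `auto_block`, the thresholds and the sample addresses are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, login result).
# This is an illustrative format, not a real DSM log layout.
SAMPLE_EVENTS = [
    ("2024-01-01 10:00:00", "203.0.113.7", "fail"),
    ("2024-01-01 10:00:40", "203.0.113.7", "fail"),
    ("2024-01-01 10:01:30", "203.0.113.7", "fail"),
    ("2024-01-01 10:02:00", "203.0.113.7", "fail"),
    ("2024-01-01 10:00:00", "198.51.100.20", "fail"),
    ("2024-01-01 10:10:00", "198.51.100.20", "fail"),
    ("2024-01-01 10:20:00", "198.51.100.20", "fail"),
    ("2024-01-01 10:05:00", "192.168.1.10", "fail"),
    ("2024-01-01 10:05:10", "192.168.1.10", "fail"),
    ("2024-01-01 10:05:20", "192.168.1.10", "fail"),
    ("2024-01-01 10:05:30", "192.168.1.10", "ok"),
]

def auto_block(events, max_attempts, window_minutes, allow_list=frozenset()):
    """Return {ip: time of block} for sources that reach max_attempts
    failed logins inside a sliding window of window_minutes."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    blocked = {}
    for stamp, ip, result in sorted(events):   # ISO-style stamps sort by time
        if result != "fail" or ip in allow_list or ip in blocked:
            continue
        now = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        failures = recent[ip]
        failures.append(now)
        while now - failures[0] > window:      # drop failures older than window
            failures.popleft()
        if len(failures) >= max_attempts:
            blocked[ip] = now
    return blocked

if __name__ == "__main__":
    result = auto_block(SAMPLE_EVENTS, 3, 5, allow_list={"192.168.1.10"})
    for ip, when in result.items():
        print(f"blocked {ip} at {when}")
```

With 3 attempts in 5 minutes, only 203.0.113.7 is blocked: the allow-listed local address is skipped, and the source whose failures are spread ten minutes apart never reaches the threshold, which is one reason to pair auto-block with the multifactor authentication in tip 5.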
5- ENABLE MULTIFACTOR AUTHENTICATION FOR LOGINS
By enabling access based only on permissions and by hardening the security features of the NAS, the server can notify the admin if there are unauthorized login attempts and provide a secure environment for those who need to handle mission-critical operations and for users who are usually unaware of the risks that Internet-based devices pose.