How to protect NAS from hacker attacks and ransomware?

Everyone has heard about the scandal around the Qlocker hacker group, which wrote an encryption program that penetrates network storage devices. Since April 20 the number of ransomware victims has reached hundreds a day. The hackers use the vulnerability CVE-2020-36195: the program infects the NAS and encrypts its data, which can only be decrypted after the ransom is paid. Fortunately, Synology NAS does not have this vulnerability, but we still felt it necessary to talk about how you should protect your NAS to avoid potential risks.





We also recommend that you familiarize yourself with the guidelines for protecting data on users' computers from encryption programs.





Note: Most of the tips in this article require NAS administrator rights.





Tip 1: disable the default administrator account

Common administrator account names make brute-force attacks on your Synology NAS easier for hackers. Avoid names like admin, administrator and root (*) when setting up your NAS. We recommend that you generate a strong and unique password for the administrator of your Synology NAS and disable the default administrator account. If you set up an administrative account with a new name when configuring the NAS, the admin account is disabled automatically.





If you are logged in as the admin user, go to Control Panel, select User and group, and create a new administrative account. Then log in under the new account and disable admin.





* root 





2:

, . - . , . -.  email   Have I Been Pwned  Firefox Monitor, .





, ( 1Password, LastPass  Bitwarden). , .





Synology NAS   , .    —  — .      .





3:

Synology    DSM, . .





,  Product Security Incident Response Team (PSIRT)   Synology  , 15  , .





  ,   DSM  . .





 Synology   Virtual DSM  Virtual Machine Manager,  DSM.  Virtual DSM  , , . ,  Virtual DSM  DSM, . .





  .  NAS Synology  ,  email, SMS, .  Synology DDNS  , . , .. .





 Synology    , , .





 





4:

,   . DSM 7.0 , .





Synology   Secure SignIn,  FIDO2, (USB-, Windows Hello   Touch ID macOS). , ,  , , ..





 





[Table: Secure SignIn, FIDO2 and OTP sign-in methods versus access types LAN IP, HTTP, IP and QuickConnect; rows 1-, 2-, 3-]





DSM  Secure SignIn  .





 





5:  Security Advisor

Security Advisor — ,  NAS   DSM. ,  Security Advisor  . , Security Advisor   SSH, ,  DSM.





6:  DSM

      IP-  . / IP-, (DoS).





      ,   . .  DSM  .





 HTTPS

HTTPS   Synology NAS  , « ».





— — DSM,     HTTP  HTTPS   DSM.  https  443,  http — 80. , .





7: HTTPS  2 –  Let’s Encrypt

   HTTPS, , .  DSM   Let’s Encrypt, , - NAS.





DDNS,   — — .   — —  Let’s Encrypt.    . .





,  HTTPS (. ).





8:

DSM   HTTP (5000)  HTTPS (5001) , , .   — — -, .  SSH  (22), .





  -, -. - , ,  IP-.





9:  SSH/telnet,

 SSH/telnet, . SSH/telnet   root, , , . ,  SSH  (22). ,  SSH  () IP   VPN.





10:

DSM   AES-256 , . , .





— ,  .    ,  DSM  . , .





, :  S.M.A.R.T. . , (RAID 5/6).      . , .





 NAS Synology    S.M.A.R.T.  . - , . S.M.A.R.T. .





, CVE-2020-36195,  NAS. ,  Synology  . ! — , , . , , .







