Security Measures Quick Start Guide
What is a security threat?
A security threat is a risk that can potentially harm computer systems and organizations. The cause could be physical, such as someone stealing a computer that contains vital data. The cause could also be non-physical, such as a virus attack.
Why should you protect your NAS?
- Protect your own, your users', or your clients' confidential information
- Enhance security to prevent data loss
Protect your sign-in information
Use a strong password
We recommend you use a strong password with a mix of letters, numbers, and special characters. Using a common password is an invitation to hackers. If an account is compromised, hackers can easily take control of your other accounts.
To change your password, go to Options > Personal > Password, and click Change Password.
To configure password security and strength rules for the users of your NAS, refer to the respective help article for DSM 7.0 and DSM 6.2.
Enable 2-step verification
Enable 2-step verification to improve the security of your DSM account. When 2-step verification is enabled, you will need to enter a one-time verification code in addition to your password when signing in to DSM. Verification codes are obtained from authenticator apps installed on your mobile device. Therefore, if someone wants to access your account, they will need not only your username and password but also your mobile device.
To enable the 2-step verification for yourself and your users, please visit this article for instructions.
Disable the admin account
By default, the NAS has an administrator account. Since admin is a common username, a hacker only needs to guess your password to break into your account. Disabling the default admin account and creating a new one with a creative or specific username gives the hacker more work to break into your account.
To disable the admin account, sign in with another administrator account and go to Control Panel > Users & Group. Select admin and click Edit, then tick Disable this account.
Protect your device
Ensure NAS is routinely updated
To improve the performance and stability of the system, Synology offers DSM updates when new features or security enhancements are available or when bugs are fixed.
To set up automatic updates for DSM, refer to the respective help articles for DSM 7.0 and DSM 6.2.
Enable notifications
You can also set your Synology NAS to send notifications when specific events or errors occur, notifying you via email, SMS, mobile devices, or web browsers. For example, the system can automatically send a notification when the network connection is lost or a power failure occurs. Enabling notifications lets you know right away when something is wrong with your NAS and can prevent your NAS from being compromised.
To enable notifications, refer to the respective help articles for DSM 7.0 and DSM 6.2 and choose your preferred notification method.
Run Security Advisor
Security Advisor is a pre-installed security application that scans your DSM settings and NAS. Security Advisor scans the following areas of your DSM and NAS, checks your settings, and recommends changes that help keep your Synology NAS safe.
- Malware
- System
- Account
- Network
- Update
For more information on Security Advisor, refer to the respective help articles for DSM 7.0 and DSM 6.2.
Protect against unwanted access
Enable Auto Block
The auto block feature helps improve the security of your Synology NAS by blocking the IP addresses of clients with too many failed login attempts. This helps reduce the risk of accounts being broken into using brute-force attacks.
To learn how to enable auto block and add IP addresses to your Allow List, refer to the respective help articles for DSM 7.0 and DSM 6.2.
Enable Account Protection
Account Protection protects your Synology NAS accounts from untrusted clients that have too many failed login attempts. This helps to minimize the risk of brute-force attacks on your accounts.
To learn how to enable account protection, refer to the respective help articles for DSM 7.0 and DSM 6.2.
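Auto Block counts failed sign-ins per client IP, while Account Protection counts them per account, so the second still triggers when an attacker spreads guesses over many clients. The Python below is an added example, not Synology's code: the thresholds, the window, the addresses, the trusted-client set and the per-account counting model are assumptions, and the events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_ATTEMPTS = 3                      # assumed threshold, not a DSM default
WINDOW = timedelta(minutes=5)         # assumed counting window
ALLOW_LIST = {"192.0.2.10"}           # clients exempt from auto block
TRUSTED = {("alice", "192.0.2.10")}   # (account, client) pairs treated as trusted

# Constructed failed sign-in events, in time order: (time, client IP, account)
EVENTS = [
    ("2024-01-01T10:00:00", "198.51.100.7", "admin"),
    ("2024-01-01T10:00:20", "198.51.100.7", "admin"),
    ("2024-01-01T10:00:40", "198.51.100.7", "admin"),  # 3rd in window: IP blocked
    ("2024-01-01T10:01:00", "198.51.100.7", "admin"),  # refused, already blocked
    ("2024-01-01T11:00:00", "203.0.113.1", "alice"),   # spread over three clients,
    ("2024-01-01T11:01:00", "203.0.113.2", "alice"),   # one failure each, so no
    ("2024-01-01T11:02:00", "203.0.113.3", "alice"),   # IP is blocked; alice is
    ("2024-01-01T12:00:00", "192.0.2.10", "alice"),    # allow-listed and trusted
    ("2024-01-01T12:00:10", "192.0.2.10", "alice"),
    ("2024-01-01T12:00:20", "192.0.2.10", "alice"),
    ("2024-01-01T13:00:00", "203.0.113.9", "bob"),     # two failures, then a gap
    ("2024-01-01T13:01:00", "203.0.113.9", "bob"),
    ("2024-01-01T13:30:00", "203.0.113.9", "bob"),     # outside window: no action
]

def _hit(history, key, ts, max_attempts, window):
    """Record a failure for key; True once max_attempts fall inside window."""
    q = history[key]
    q.append(ts)
    while ts - q[0] > window:
        q.popleft()
    return len(q) >= max_attempts

def evaluate(events, max_attempts=MAX_ATTEMPTS, window=WINDOW):
    """Return (blocked client IPs, accounts closed to untrusted clients)."""
    per_ip, per_account = defaultdict(deque), defaultdict(deque)
    blocked, protected = set(), set()
    for stamp, ip, account in events:
        ts = datetime.fromisoformat(stamp)
        if ip in blocked:
            continue                  # connection refused before sign-in
        if ip not in ALLOW_LIST and _hit(per_ip, ip, ts, max_attempts, window):
            blocked.add(ip)
        untrusted = (account, ip) not in TRUSTED
        if untrusted and _hit(per_account, account, ts, max_attempts, window):
            protected.add(account)
    return blocked, protected

if __name__ == "__main__":
    print(evaluate(EVENTS))
```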
Enable HTTPS
A certificate can be used to secure SSL services of the Synology NAS, such as web (all HTTPS services), mail, or FTP. Having a certificate allows users to validate the identity of a server and the administrator before sending any confidential information.
Synology offers a free and secure SSL/TLS certificate from Let’s Encrypt. To learn how to get a Let’s Encrypt certificate on your Synology NAS, refer to this article.
Enable Firewall
Like a PC, the NAS also has a firewall. Enabling the firewall, creating firewall rules, and configuring firewall settings can prevent unauthorized login and control service access. You can decide whether to allow or deny access to certain network ports by specific IP addresses.
To learn how to enable the firewall and create firewall rules, refer to this article.
Further reading
- To duplicate your default admin account settings to your own admin account, please visit this page for instructions.
- For more information on how to enhance your NAS's security, please read the blog post on this page.
- For a list of services that are affected when disabling the admin account, please visit this page.
- For more information on securing the NAS, please visit this page.
- To learn more about ransom attacks and how to protect your NAS from them, please visit this page.
- For more information on HTTPS, please visit this page.
- If you are having trouble using Let’s Encrypt, please read this page for solutions.
- For more information on how to configure the firewall in DSM, please visit this page.