• Log Center shows a lot of failed login attempts. The user accounts that tried to sign in might be deactivated or might have never existed in the first place.
  
• Security Advisor shows that someone attempted to sign in "by trying passwords but failed (brute-force attacks)".
  

There is no need to panic. Your NAS is at risk to attacks as long as it is connected to the internet, and the log messages display the user account name that attackers tried to use, regardless of whether the account is active or deactivated.

Use the following methods to further strengthen the security of your Synology NAS.

Open only public ports for needed services on the router

Synology NAS is designed to be easily accessed over the Internet. In order to safeguard your NAS, we strongly advise you to only open the ports of required services.

Configure password strength rules

You can enforce password strength rules for users to reduce the risk of hacking. Select Apply password strength rules at the following locations:

• DSM 7.x: Go to Control Panel > User & Group > Advanced > Password Settings.
• DSM 6.x: Go to Control Panel > User > Advanced > Password Settings.

Use multi-factor authentication

2-Factor Authentication (2FA) adds an extra layer of security to your DSM account. If enabled, you are required to provide a second identity verification on top of your password when signing in to DSM. For detailed instructions, refer to the Synology Secure SignIn Quick Start Guide.

• DSM 7.x: Go to Options > Personal > Account > 2-Factor Authentication.
• DSM 6.x: Go to Options > Personal > Account, and select Enable 2-step verification.

Run Security Advisor

Security Advisor is a built-in security application that scans your NAS and provides recommendations to help protect your data.¹ We suggest checking Security Advisor and running scans regularly to maximize the security of your NAS.