Security Measures Quick Start Guide (Synology Router)
Why should you care about router security?
Routers transfer data packets between devices and networks. A compromised router can leak configuration details, or even cause security breaches on any device with which it communicates. Thus, it is crucial to keep your router well-protected.
This article will provide you with various methods to strengthen the security of your Synology Router.
Note:
- The steps in this article are based on SRM, the operating system of Synology Router. If you are seeking advice for safeguarding DSM (Synology NAS), refer to this guide.
Protect your sign-in information
Use a strong password
We recommend using a strong password with a mix of letters, numbers, and special characters. Using a common password is an invitation to hackers. If an account is compromised, hackers can easily take control of your other accounts.
You can change your password at Options > Account.
To configure password security and strength rules for users of your Synology Router, refer to this article for instructions.
Activate 2-step verification
Activate 2-step verification to improve the security of your SRM account. When 2-step verification is activated, you will need to enter a one-time verification code in addition to your password when signing in to SRM. Verification codes are obtained from an authenticator app installed on your mobile device. Therefore, if someone wants to access your account, they will not only need your username and password but also your mobile device.
To activate the 2-step verification for your account, visit this article for instructions.
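The following added example (not Synology's code) shows why the mobile device is required: the code is derived from a secret stored in the authenticator app plus the current time. It assumes the app produces standard time-based one-time passwords (TOTP, RFC 6238), which this page does not specify; the secret, the 30-second step and the one-step drift tolerance are assumptions.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """Time-based code: the counter is the number of elapsed time steps."""
    return hotp(secret, int(at) // step, digits)


def verify(secret: bytes, submitted: str, at: float,
           step: int = 30, drift: int = 1) -> bool:
    """Server-side check. Accepts the current step and `drift` steps on
    either side to tolerate clock skew, and compares in constant time."""
    counter = int(at) // step
    ok = False
    for c in range(counter - drift, counter + drift + 1):
        ok |= hmac.compare_digest(hotp(secret, c), submitted)
    return ok


# Constructed test secret (the RFC 6238 reference key), not a real account key.
DEMO_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    code = totp(DEMO_SECRET, at=59)
    print("code at t=59:", code)
    print("accepted 30 s later:", verify(DEMO_SECRET, code, at=89))
    print("accepted 90 s later:", verify(DEMO_SECRET, code, at=149))
```

A password alone cannot reproduce the code, and a captured code stops being accepted once it falls outside the drift window.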
Deactivate the admin account
By default, Synology Router will have an administrator account. Since "admin" is a common username, a hacker only needs to guess your password to break into your account. Deactivating the default admin account and creating a new one with a creative or specific username gives the hacker more work to break into your account.
To deactivate the admin account, sign in with another administrator account and go to Control Panel > User > User. Select admin and click Edit, then tick Deactivate this account.
Safeguard your local networks
Hide your SRM
Restricting access to your Synology Router's management portal improves network security. If you want your SRM to be accessible only from within your local networks, follow the steps below:
- Go to Control Panel > System > SRM Settings.
- Untick Allow external access to SRM.
If you want to hide SRM while allowing external access to your Synology Router, use the following steps instead:
- Go to Control Panel > System > SRM Settings.
- Change the Default Port Numbers of the SRM management portal.
Encrypt your Wi-Fi
Secure passwords alone are not enough to keep your Wi-Fi networks safe. Make sure each of your Wi-Fi SSIDs is configured with a strong encryption protocol (e.g., WPA2 or WPA3).
- SRM 1.3: Go to Wi-Fi Connect > Wi-Fi Settings > Wi-Fi Network > Specify a network > Edit. Select an encryption protocol from the Security level drop-down menu.
- SRM 1.2: Go to Wi-Fi Connect > Wireless > Wi-Fi. Select an encryption protocol from the Security level drop-down menu.
Share guest Wi-Fi only
A guest Wi-Fi is an isolated wireless network created for non-regular users. Share only the guest Wi-Fi with visitors. In so doing, you can provide Internet access while preventing unwanted access to your private networks.
By default, a deactivated guest Wi-Fi network will be created for you. To learn how to configure it, refer to the respective help articles for SRM 1.3 and SRM 1.2.
Set up a local network only for IoT devices (SRM 1.3 or above)
Enacting IoT security measures is a must if any home appliance is connected to your Synology Router's networks. IoT devices may have various vulnerabilities (e.g., hardcoded passwords), so we suggest isolating them from your primary network.
To set up a virtual local network only for IoT devices, refer to Synology VLAN Deployment Quick Start Guide.
Shield your device and stay alert
Ensure your router is routinely updated
To improve the performance and stability of the system, Synology offers SRM updates when new features or security enhancements are available or when bugs are fixed.
To set up automatic updates for SRM, refer to this article for instructions.
Activate notifications
Activating notifications is an effective way to raise your awareness of router security. For example, set your Synology Router to notify you if its network connection is lost or a power failure occurs. These notifications allow you to monitor the status of your router in real time and take appropriate action.
To activate notifications, refer to this article for instructions.
Run Security Advisor
Security Advisor is a pre-installed security application that scans the following areas of your Synology Router, checks your settings, and recommends changes that help keep your router safe.
- Malware
- System
- Account
- Network
- Update
For more information, refer to the articles under Security Advisor.
Protect against unwanted access
Set up auto block
The auto block feature helps improve the security of your Synology Router by blocking the IP addresses of clients with too many failed login attempts. This helps reduce the risk of accounts being broken into using brute-force attacks.
To learn how to activate auto block and add IP addresses to your Allow List, refer to this article for instructions.
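As an added illustration (not SRM's implementation), the sketch below applies the auto block idea to a constructed login log: failures are counted per IP address inside a sliding time window, and addresses on the Allow List are never blocked. The threshold, window, log format and addresses are assumptions chosen for the example, not SRM defaults.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed policy (not SRM defaults): 5 failed logins within 10 minutes.
MAX_ATTEMPTS = 5
WINDOW = timedelta(minutes=10)
ALLOW_LIST = (ip_network("192.168.1.0/24"),)  # constructed trusted subnet

# Constructed sample log, one event per line: "<ISO timestamp> <client IP> <result>"
T0 = datetime(2024, 5, 1, 10, 0, 0)
SAMPLE_LOG = (
    # five failures in four minutes
    [f"{(T0 + timedelta(minutes=i)).isoformat()} 203.0.113.7 FAIL" for i in range(5)]
    # five failures, but 15 minutes apart (e.g. occasional typos)
    + [f"{(T0 + timedelta(minutes=15 * i)).isoformat()} 198.51.100.20 FAIL" for i in range(5)]
    # six rapid failures from an address on the Allow List
    + [f"{(T0 + timedelta(seconds=10 * i)).isoformat()} 192.168.1.50 FAIL" for i in range(6)]
)


def parse(line):
    ts, ip, result = line.split()
    return datetime.fromisoformat(ts), ip, result


def auto_block(log_lines, max_attempts=MAX_ATTEMPTS, window=WINDOW,
               allow_list=ALLOW_LIST):
    """Return {ip: time_of_block} for clients that reach the failure threshold."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    blocked = {}
    for ts, ip, result in sorted(parse(line) for line in log_lines):
        if result != "FAIL" or ip in blocked:
            continue
        if any(ip_address(ip) in net for net in allow_list):
            continue  # Allow List entries are exempt from blocking
        recent = failures[ip]
        recent.append(ts)
        while recent[0] < ts - window:  # drop failures older than the window
            recent.popleft()
        if len(recent) >= max_attempts:
            blocked[ip] = ts
    return blocked


if __name__ == "__main__":
    for ip, when in auto_block(SAMPLE_LOG).items():
        print(f"blocked {ip} at {when.isoformat()}")
```

Only 203.0.113.7 is blocked here; keep the Allow List narrow, since any address on it is exempt from this protection.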
Activate DoS protection
DoS (Denial of Service) attacks bombard a computer system with numerous requests exceeding the target's capability. The attacked computer may miss important data/service requests (e.g., email messages) from outside and suffer from limited Internet bandwidth and system resources.
To activate DoS protection, go to Network Center > Security > General.
Activate HTTPS
HTTPS (Hypertext Transfer Protocol Secure) is the secure version of HTTP, which is the common protocol for web browsers to communicate with web servers. HTTPS safeguards your Synology Router and client devices against cyber threats and unauthorized access.
You can configure HTTPS settings at Control Panel > System > SRM Settings.
Note:
- A certificate is required for HTTPS connections. Having a certificate allows users to validate the identity of a server and the administrator before sending any confidential information. Refer to this article to learn how to get a certificate on your Synology Router.
Protect Internet behaviors via Safe Access
Safe Access shields your network and makes it simple to manage devices connected to your Synology Router. You can create profiles and assign devices to safeguard their Internet behaviors, specify how long and when to block or allow their Internet access, and create web filters to manage what websites profile owners can visit.
For more information about configuring Safe Access, refer to this article.
Detect malicious attacks via Threat Prevention
Threat Prevention strengthens the network security of your Synology Router and subordinate devices by detecting/dropping malicious packets. This package offers various features to help you keep track of potential malicious threats.
For more information about configuring Threat Prevention, refer to this article.