My Synology NAS was ATTACKED!

After exposing my Synology NAS to the internet for over four months, these are the 5 steps I recommend changing to protect against ransomware.

NOTE: If you change the default DSM port, make sure you update any apps using the default port!

DISCLAIMER: The information in this video has been self-taught through years of technical tinkering. While we do our best to provide accurate, useful information, we make no guarantee that our viewers will achieve the same level of success. WunderTech does not assume liability nor responsibility to any person or entity with respect to damage caused directly or indirectly from its content or associated media. Use at your own risk.

WunderTech is a trade name of WunderTech, LLC.

0:00 Intro
0:26 Setting up the Security Test
0:47 Attacks on Synology NAS
0:59 Test Findings
1:41 Don't Expose NAS to the Internet
2:14 5 Settings to Increase Security
2:23 Disable Admin Account
2:53 Customize Auto Block
5:51 Change Default DSM Port
6:29 Configure 2FA
6:46 Configure Snapshots & Backups
7:32 Final Thoughts

Comments

I want to be clear that my overall recommendation is to ensure the NAS isn't exposed to the external internet. If it isn't, the overall risk is minimal and these changes won't do much, but can be used for peace of mind. Nothing is perfect though, so always keep that in mind.

The other thing is that if you're concerned about indirect attacks (a device on your local network being compromised and attacking your NAS locally), whitelisting the local addresses might not be the best option. This would be...bad though and would mean that a device on your local network is compromised in some way.

I would treat these suggestions as ideas and customize any changes you make based on your requirements. Thank you for watching!

WunderTechTutorials

Interesting, well presented, and no background music … the three keywords I appreciate your videos for.

TSSC

I don't run a Synology NAS but this was a great video to demonstrate best practices for any service. I do like that this also served as an example that any obscurity is always better than no obscurity.

samsh-qa

Even though my Synology NAS that is at home and my remote off-site backup one are behind a firewall, I still configure the firewall on the Synology NAS so that if someone gets into my network they have a second firewall on the Synology NAS to get through. I hate the advice all over the internet that says "You don't need to turn on the firewall if it's behind your router or firewall". NO NO NO. Why wouldn't you want extra security just in case? More security is ALWAYS better. How do we know there isn't an undiscovered vulnerability in the firewall/router that is in use? We all know consumer grade routers are terrible for security and after a couple of years no longer get firmware updates and we are going to trust this to be our firewall to protect our NAS? YEAH, HARD NO! Furthermore, all the recommendations that are mentioned in this video I do and advise others to do. Thanks for a great video I can share.

CedroCron

Use something like Tailscale; don't expose the NAS or anything directly to the internet.

hamouz

I wish these things came with a setting option wizard that pointed you in this direction from day 1. Instead they assume everyone knows IT when I'm sure a lot of people don't have the first idea about any of this.

captainwin

These crawler attacks are pretty standard AFAIK, and have been for me as well ever since I exposed my first server to the internet, years ago.
Two of the things I've found to be by far the most effective, is a well configured firewall (I live in a small country, so blocking everything from outside, does the trick for me). If that is not a possibility, setting up IP ranges able to have access is also a great way of limiting exposure, although that can be difficult depending on use case.
The second one is reverse proxy, to only allow one or maybe a couple of ports access, while still being able to use multiple services on your NAS.

blcjck

Great tips for securing your NAS! I pretty much did all of these plus a few extras when I got my Synology NASes years ago. As you mentioned, one of the best things you can do is not expose your NAS directly over the Internet. Mine can only be accessed via VPN (which I host locally at home) with specific IPs. Scanner bots or anyone at all won't even know my NASes exist. 😎

xellaz

In my experience, attackers don't always target the "admin" login account. I've observed various usernames in different languages such as Chinese and Korean in the logs. To bolster my account protection, I've implemented a similar setup and subsequently export the list of blocked IPs to my firewall, preventing them from accessing my NAS altogether.

allenhsu

Thanks for this vid, I already disabled my admin account years ago but never knew how many attempts were being made on my system daily. You should see how many IPs were blocked today.

GeekShhh

Just make a firewall rule to block all countries except your own, then add the auto blocker - change standard port, disable admin account and enable MFA :) . Good video though :)

Morpheus

As soon as I get a Synology NAS I will look at this again! I am on a Mac though. Thank you for the info and for sharing for us! Security is important as it is important for us to access the data remotely.

SergioBlackDolphin

Dang Frank! No matter how much I learn about Synology devices you always seem to teach me something new and valuable! You are definitely on the top of my sub list! As always THANKS for being so informative! 👍🏻👍🏻

tonyvalenti

Thank you for this. It never hurts to double check things.

AJ_UK_LIVE

Excellent PSA! The Synology user base applauds you.

Sapious

I experimented with setting up a mail server on my NAS once, used the usual port 25. Didn't take long to see a batch of IPs in the block list every day and ultimately decided not to continue. I still have other ports open (not defaults) and mitigated with geo blocking on my Synology router. I still get paranoid though.

reyskidude

Thanks for the update on Synology security. It opens my eyes on some settings. I actually never use the HTTP port for connecting to my NAS. You can't reach it from outside cause the port is not forwarded. I was using Quick Connect to connect to my NAS from outside, but I found out that it was not as secure as it should be. I can't use 2FA with Quick Connect. I blocked all external IP addresses to connect to my NAS. The only IP addresses that are allowed are that of my subnet and the IP address of my external Router.

Equality-and-Liberty

You're certainly right about the default auto block settings, so I will extend this: if you plan to expose your NAS to the internet, wipe out all defaults, including the default port for SSH. Pretty much anything that's set up by default you gotta change if possible. If you wanna have your NAS exposed to the internet so you can access it, think about running TrueNAS within a VPS, and you have options such as Proxmox or even XCP-ng; that way you can make multiple copies of VMs and just delete one that is compromised while keeping the other, say, two exact copies intact. Always build your network security in layers, as I said elsewhere already. Use OSI as a reference and set up protection at each level, and document it and print it out so you know what you have on each layer. That alone will allow you to track an incoming attack. Also use VLANs too, as it will make things even more difficult for attackers.

raughboy

Great Video! I don’t understand a word you said as I’m clueless when it comes to NAS drives.

robs

Admin: Stealth Password Spray is tough for a device to spot, but easy for a human.

Great video, very sensible and practical advice.

cpuuk