ASUSTOR AS3304T

8 ways to secure your NAS

Storing data on your network-attached storage (NAS) enclosure doesn’t mean you can call it a day and forget all about it. There are some steps on how to protect your data and home or office network. From employing basic security principles to locking down access, activating two-factor authentication, and using randomly generated passwords, I’m going to run through ways to secure your NAS.

Secure your account and activate 2FA

Two-factor authentication is incredibly important to secure all your accounts, on a NAS or on another website. If it’s available, I would recommend activating it without question. NAS enclosures from Synology, ASUSTOR, QNAP, and other brands may allow for 2FA to be enabled on accounts, which provides additional protections against malicious parties.

I would also go an extra mile to change the name of the default account if it’s “admin.” There’s then the question of using randomly generated passwords. This should be a must on accounts, including NAS access. A NAS server could even host a password manager, allowing you to scramble all your account passwords and store everything locally.

Enable SSL/HTTPS

If you haven’t yet activated SSL on your NAS, I would recommend doing so. This would encrypt all the data sent between your device and the server. Without SSL enabled, all your credentials will be broadcasted plainly and could be intercepted. So long as you see the “https://” at the start of the web page, you’re good to go.

Only enable services you’ll use

A NAS server can use various protocols, including SMB, FTP, among others. This makes it easy for devices running different operating systems to connect and share data, but it can also increase the risk of a malicious party to attack your NAS. Then there are packages such as a web server, which can also open up the NAS to the outside world.

Use a virtual private network (VPN)

A NAS server can also run a VPN server, which can be used to access the enclosure remotely. This can help limit the connections that will be allowed through the router and other set firewalls. There are guides available for different branded NAS, which can be followed through to have everything set up in moments.

Keep your NAS up to date

Like everything in your life, it’s best to keep it updated with the latest software rleaseses. Whether it’s a vehicle, fridge, smartphone, PC, or NAS. I’d always recommend activating an automated update feature, if available. If one isn’t you could make it part of a weekly routine to check for any updates.

New releases not only add new features and make improvements, but you may also receive fixes and vulnerability patches. These can help improve the security of your NAS without any user input.

Consider keeping the NAS offline

Not every NAS needs to be connected to the outside world. If all you’re using the enclosure for is to store backups, it can be kept offline and block all external access. This would mean you won’t be able to connect to the NAS away from the home or office without configuring a VPN, but it’s the most secure way of ensuring nothing can get in.

Check other LAN-connected hardware

Your NAS isn’t the only device connected to the LAN. This is why it’s always important to check other hardware, not just your NAS. Ensure there are no vulnerabilities on other connected devices. This could be a TV, other computers, the router itself, and a smartphone. A compromised device could provide a means to get into your NAS.

Build a DIY NAS

If you haven’t yet purchased a NAS enclosure from a reputable brand, I’d recommend considering the alternative, which is to build a DIY NAS. This involves repurposing an old PC or creating a dedicated server from scratch. In my guide, I run through all the parts you’ll need as well as a few operating systems to choose from.

Doing everything yourself is a good way to maintain control over every aspect of your system.

Categories
Richard Pinnock-Edmonds Avatar

Read more