Security Counselor Report

[amonphi]

Hi everyone,

I have purchased a QNAP TS-251D for a few months, Security Counselor after each scheduled scan gives me a couple of notices that I can't solve:

1) Average risk is "antivirus does not use the most recent virus definitions".
The NAS is connected directly to the router and the internet is always active, the antivirus is scheduled to check the updates 1 time a day and I noticed that it always happens after midnight, Security Counselor instead is scheduled to check once a week at 07:00am. Where is I wrong?

2) The second notice, with low risk is "push notifications for new versions of the firmware disabled". As internet browser I use Mozilla Firefox and it has recently been able to associate the NAS with Firefox, before it only worked with Google Chrome but, despite sending the test notification, Security Counselor continues to warn me, why?

I know that I could simply ignore the notices but, if they can be resolved in another way I would prefer.

Thank you

[FSC830]

To be honest: SC in my eyes is one of the wasted apps at NAS.

Antivirus update time can only be modified per SSH in crontab.
But I guess it will be hard to adjust time for update at SC to match.
I tried this by modifying the SC run time several times, but after a while the "not latest..." warning appears again.
My guess is that the timezone also takes part in that game (here tz is Europe).

Rules for notifications can be created/enabled/disabled in Notification Center.

Regards

[amonphi]

To be honest: SC in my eyes is one of the wasted apps at NAS.

Antivirus update time can only be modified per SSH in crontab.
But I guess it will be hard to adjust time for update at SC to match.
I tried this by modifying the SC run time several times, but after a while the "not latest..." warning appears again.
My guess is that the timezone also takes part in that game (here tz is Europe).

Rules for notifications can be created/enabled/disabled in Notification Center.

Regards

Hi,

what do you mean by wasted referring to SC?
As for the antivirus, it was only to understand what that notification was linked but, I would never put hands in SSH for so little. For the time I confirm that my timezone is also Europe.

Thanks anyway for the explanations

[dolbyman]

SC is giving useless recommendations (disable admin, strong password, 2fa) people still get hacked via exploits that fall for a false sense of security.

So forget about SC and never ever expose the NAS to WAN

[FSC830]

Also as an example: at my test NAS I set different ports for http and https, just to get rid of this SC message "you are using the default ports for http/https".
What happens next? With modified ports Virtualization Station is not able to run , thank you QNAP!
So I had to choose: using VS and getting this messages or follow the SC advise and not being able to use VS!

So you can claim its not SC but VS that is the problem here, but it shows the weak points of SC.

Regards

[Barungar]

Also as an example: at my test NAS I set different ports for http and https, just to get rid of this SC message "you are using the default ports for http/https".
What happens next? With modified ports Virtual Station is not able to run , thank you QNAP!
So I had to choose: using VS and getting this messages or follow the SC advise and not being able to use VS!

So you can claim its not SC but VS that is the problem here, but it shows the weak points of SC.

Do you refer to Virtualization Station? Well, that is quite strange. I run Virtualization Station without any problems on modified GUI ports of my NAS.

[FSC830]

Do you refer to Virtualization Station? Well, that is quite strange. I run Virtualization Station without any problems on modified GUI ports of my NAS.

Sorry, yes I did (correct in previous post).
I apologize, I was a bit wrong, and need to look up exact issue in ticket.
Virtualization station can be used, but you cant run a QuTScloud VM any longer.
QuTScloud always asks for a license key after the default ports have been modified.
Only when settings ports back to default ports the QuTScloud VM was useable again.

I did not check now in final 5.0.1 if this is still present, but will do that in next days.

Regards

Edit: Checked! Issue is present in current final release too:

QuTScloud_lic.png

This happens after setting http/https ports to any other value than default.
So following the SC advise causes Cloud VM stop working!
Well done, QNAP! </irony>

[amonphi]

Ok guys, I understand the concept, I will immediately exclude QNAP from the internet entirely, unfortunately. Thanks for the advices

[Barungar]

Virtualization station can be used, but you cant run a QuTScloud VM any longer.
[...]
I did not check now in final 5.0.1 if this is still present, but will do that in next days.

That's sadly correct as far as I know. At least for QTS hero 5.0 and QTS 5.0 changing GUI ports will stop QTS cloud VMs finding their license.
I haven't checked QTS 5.0.1 so far, too.