If I use an access list to limit login to just the IP's I specify, does that apply to services as well? I enabled this so I can administrate only from a handful of IP's, but now Plex is unavailable outside my network. It would be great if I could limit administration to a handful of IP's, and leave services open.
I'm doing this in response to someone in bandgladesh gaining access to my device. This happened despite my having dual authentication turned on, having a complex password, and being on the latest firmware. The attacker was able to create a second "admin" account and was using that for login.
"Admin" is now disabled, and I've tightened down security further, but how can I limit access on this device without limiting it on services? I have read the FAQ on tightening security on a QNAP device: https://www.qnap.com/en/how-to/faq/arti ... ore-secure
Security and access lists
- dolbyman
- Guru
- Posts: 35242
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Security and access lists
start the whole NAS from scratch, including a check of autostart.sh if you have no idea what the attacker did, then this is the only way to proceed
restore your files from backups
only use VPN to access the NAS (best to use a VPN on a router etc.)
restore your files from backups
only use VPN to access the NAS (best to use a VPN on a router etc.)