Sync Two Qnaps using myQNAP cloud?

Post your questions about myQNAPcloud service here.
dolbyman
Guru
Posts: 19973
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Sync Two Qnaps using myQNAP cloud?

Post by dolbyman » Thu Oct 15, 2020 2:51 am

Christiaan5 wrote:
Thu Oct 15, 2020 2:37 am
When I access via xxx.myqnapcloud.com I always access with Secure login. Because of this, I did wonder if I could disable the NAS Web access port...do you know this?
And yes I do use the default ports, but no one tells me what other port would be better...what do you suggest?
SSL transport layer encryption adds no security for your NAS (it prevents evesdropping and authenticates the target), any exploit would still be applied.


Christiaan5 wrote:
Thu Oct 15, 2020 2:37 am
You write "do NOT expose your NAS login or other station", what do you mean with this? Opening the ports?
Do not port forward any QTS (Admin login) or Station (video,photo,audio) to the WAN by port forwarding, they have been used many times in the past for attacks and infections
Christiaan5 wrote:
Thu Oct 15, 2020 2:37 am
You write "exploits do not care about password strength", I would think a password of 3 characters is easier to hack then 30 characters. They will need to try many times and then my IP Access Protection blocks the IP for a day, so they get 365x5 attempts in a year, but I will notice this earlier and I will block the IP forever. Probably there are tricks so one server can access via multiple IP-addresses, but my data has no value to anyone else, so why would they spend time on this?
See here,
https://en.wikipedia.org/wiki/Exploit_( ... _security)

Your password is not even used, it is circumvented

Christiaan5 wrote:
Thu Oct 15, 2020 2:37 am
Sure I understand that UPnP is less safe, but first they need to get into my LAN to change/use it right? In my situation they would first need to hack into the NAS and next they could probably change the port-forwarding in my router. If they hack into my NAS they already have all information, so if they open more ports afterwards will not make any difference for me anymore.
Any device on your LAN can request port forwards to be made and "defeat the security" of NAT, it creates an rogue security hole in your home.
Christiaan5 wrote:
Thu Oct 15, 2020 2:37 am
You also write "So you either have been very lucky so far, or already have been hacked without knowlage (cryptominers, etc)". I guess you are a very knowledgeable person when it comes to network security, but 80% of the people I know, know even 25% of what I understand about network security. Why do they not get hacked all the time? I believe because of your knowledge you believe the internet is an unsafe place in general and yet almost everybody is connected to it the whole day long.
I posted these earlier, check this forum,reddit,bleeping computer off all the tears shed by people that lost all their data, it's not a theory

https://www.zdnet.com/article/cisa-says ... h-malware/
https://www.zdnet.com/article/qnap-nas- ... e-attacks/
https://www.zdnet.com/article/qnap-tell ... ansomware/

The danger is people exposing unsafe network equipment to the public web and with the rise of untraceable crypto currencies, criminals found a way to extort money from private households and corporation alike with little ways of being detected.

Ransomware cares only about the value of the data to YOURSELF, that is how they extort money out of you ... do you have full external backups of your NAS data at all times ? .. if no .. you are a prime target
Christiaan5 wrote:
Thu Oct 15, 2020 2:37 am
If you have great idea's how we can improve safety of our NAS, please share. Please do be practical, because I am not a computer whizzkids. I also try to understand what you wrote about site2site VPN, but I also simply do not understand how to create this.

Any input is always welcome.
Close all ports, use a router with a VPN server, use that to access your NAS from outside of your home. (there is plenty of guides google can provide) hosting your own VPN has nothing to do with privacy VPN providers that are pushed by every social media spokesperson (and their grandma)

User avatar
Christiaan5
Starting out
Posts: 13
Joined: Sat Feb 22, 2014 7:20 pm

Re: Sync Two Qnaps using myQNAP cloud?

Post by Christiaan5 » Thu Oct 15, 2020 4:31 am

Hi dolbyman,

Wow, you really believe it is unsafe to open up any port.

I looked at the exploit on wiki and I think I understand it better what you mean, but this is valid for any operating system or computer isn't it?

There is no other IP device on my LAN which is powered 24/7. I indeed do not trust cheap IP-camera's etc. The only device always online is the NAS (oh, also my printer). If QNAP keeps it safe, I am safe, if they fail...I might get infected. But it is their business to keep it safe.

I looked at the posts and sure I do believe ransomware is a valid risk, but this risk is on any device we own.
I have 3 NAS devices on 3 locations making backups to each other, but all are connected to the internet with some ports open.

You did convince me in investigating how to get a VPN server on a router;

I see one can just buy routers with VPN server functionality in it from common online shops: some examples "TP-Link Archer C2300". Checking the user manual I see you do also have to setup a lot of other stuf to get it to work, but it seems do able for a simple person as me. The "Ubiquiti EdgeRouter X" should also be able to do this, but I do not understand the user manual at all. Another router "Synology MR2200ac Mesh Router" you need to add a software package for a VPN server. User manual in my own language, very handy. Okey, there are possibilities to make the network safer with a small amount of money and some setup effort.

Thanks for the idea's.

dolbyman
Guru
Posts: 19973
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Sync Two Qnaps using myQNAP cloud?

Post by dolbyman » Thu Oct 15, 2020 4:57 am

Are other network devices port forwarded to the WAN ? .. Don't mix up devices with direct accessible ports and devices behind a NAT

https://en.wikipedia.org/wiki/Network_a ... ranslation



Good cheap consumer grade routers with easy interface are Asus (with Merlin WRT modification firmware).
I have a "cost conscious" client that needed RDP access for several remote offices overseas. And he is very happy with the performance of his ASUS AC86U. (20 clients balanced over two OpenVPN Servers)

spile
Know my way around
Posts: 159
Joined: Tue May 24, 2016 12:13 am

Re: Sync Two Qnaps using myQNAP cloud?

Post by spile » Thu Oct 15, 2020 3:20 pm

I can recommend using a Raspberry Pi running Pivpn/Wireguard as a cost effective VPN server if you do not wish to go down the router/vpn route.

Post Reply

Return to “myQNAPcloud service”